General
-
Target
REQUEST FOR QUOTATION.js
-
Size
318KB
-
Sample
240926-qds5kasaqe
-
MD5
08dab38ef2c8bdada3b4928145b777f7
-
SHA1
8d9fe403c417c9fc50ed09528dd2b096ebfe6375
-
SHA256
cfea01473114d986467817f9c5e0713e84ef8d6fa8a44509780d390fc6b09b41
-
SHA512
52aeb79f20660946bb7095addb26de8f115d29c4b15cd8169418d73db102c4ca7f79096780baa896357efe40999957969631b718557fd7c35e7375a2288ea5d5
-
SSDEEP
6144:ae3G0HrhDz6LXUo09qGOWIC5pbyo68vh146TIVdDfo+IitZsVAsuG7EEqZ1Cr81b:Zr81VpOhEUX7dyIUwRjsSXKs0AUUbPMz
Static task
static1
Behavioral task
behavioral1
Sample
REQUEST FOR QUOTATION.js
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
REQUEST FOR QUOTATION.js
Resource
win10v2004-20240802-en
Malware Config
Extracted
https://ia904601.us.archive.org/6/items/detah-note-j/DetahNoteJ.txt
Targets
-
Target
REQUEST FOR QUOTATION.js
-
Obj3ctivity, PXRECVOWEIWOEI
Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-