General
Target: REQUEST FOR QUOTATION.gz
Size: 119KB
Sample: 240926-qn57wayhpk
MD5: 5efd263f93b9447697b63f77f3bb9946
SHA1: 05153a7ec1d06a4276f4cfbd3dcb39762691ffd6
SHA256: c849cea0a99e6625521bf3a5ed4cc441abc1a78e3eb13bfcabc96c00cf8977be
SHA512: 0a4bbf668b19438b948fe93fb23caa3dd40265e8dc46bdd545409d56766a01f4ae3410064eca963ba8d88349e6950ed64356f89007fe3272ce989bd2c2fc6969
SSDEEP: 3072:r0PT26KDtHh6VheIfymutXx6D9IiK5wUfWYvpD2yRnHx/QAj:qT2vDtHhweIK9MD9IB7uYh2aR/l
Static task: static1
Behavioral task: behavioral1
  Sample: REQUEST FOR QUOTATION.js
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: REQUEST FOR QUOTATION.js
  Resource: win10v2004-20240802-en
Malware Config
Extracted
https://ia904601.us.archive.org/6/items/detah-note-j/DetahNoteJ.txt
Targets
Target: REQUEST FOR QUOTATION.js
Size: 318KB
MD5: 08dab38ef2c8bdada3b4928145b777f7
SHA1: 8d9fe403c417c9fc50ed09528dd2b096ebfe6375
SHA256: cfea01473114d986467817f9c5e0713e84ef8d6fa8a44509780d390fc6b09b41
SHA512: 52aeb79f20660946bb7095addb26de8f115d29c4b15cd8169418d73db102c4ca7f79096780baa896357efe40999957969631b718557fd7c35e7375a2288ea5d5
SSDEEP: 6144:ae3G0HrhDz6LXUo09qGOWIC5pbyo68vh146TIVdDfo+IitZsVAsuG7EEqZ1Cr81b:Zr81VpOhEUX7dyIUwRjsSXKs0AUUbPMz

Obj3ctivity, PXRECVOWEIWOEI
Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.

Blocklisted process makes network request

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext