General
-
Target
0ab28016d1c705af8fbd02f6df029399638a6b257a891c9bee4b274bbfecdbd8
-
Size
801KB
-
Sample
241015-g9jfkatfjq
-
MD5
48161c2966c60b3bf42960378eb76672
-
SHA1
32baab2f1bacb4f4d8dbabae38acb9e1ea58e6d6
-
SHA256
0ab28016d1c705af8fbd02f6df029399638a6b257a891c9bee4b274bbfecdbd8
-
SHA512
4195a521f8cbd5083fb2afb42bc13735aec7ffc2e238a4bab96f8fdb49c0c951ea22c67806c12e8f609c4e6cf89930fe9b02f844fe09e430d476e003f72d66c5
-
SSDEEP
24576:B2AZ0o2Z943VkbT4hXZ6E/vXlVuGJCXC7+CT+e:B2AZ/2ZW3Vk0/v1Vu2CXC+CTB
Static task
static1
Behavioral task
behavioral1
Sample
Quote-00373.exe
Resource
win7-20240903-en
Malware Config
Extracted
darkcloud
- email_from
- email_to
Targets
-
Target
Quote-00373.exe
-
Size
826KB
-
MD5
b1c84580b3ed9a6a92745469090ea1df
-
SHA1
a093025ae4dc574b5ce7dd9525fafea003cac18f
-
SHA256
f4908b84c29c8157e12f3e8beddefbf853631d93714642309a5ba80c258fdc33
-
SHA512
4a424f4abb4fe2e65d45bde5acf91685f413ae53d52f0748d4368a653470c1159050db2ab72dbd7919929dcd07a497c22f19f3d96bfb35a058435106f56e19ef
-
SSDEEP
24576:rUgP0YW8EiCguUre4h3Z6A/vo+K+Mw97SuGJc6z46:r30zcCm3xvoe97Su2c6E6
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-