General

  • Target

    bffa662eb9d5541fcd31c45c3de688d750aafa30900342523444db0a664c5054

  • Size

    807KB

  • Sample

    241107-sp1pwsvcpj

  • MD5

    150b42efdbbdce04d66634b8167780e1

  • SHA1

    9d36a1089bb16fa3bef90501df1f03dd90119cd2

  • SHA256

    bffa662eb9d5541fcd31c45c3de688d750aafa30900342523444db0a664c5054

  • SHA512

    c66652ab1e7b53e482af7f3a56bdb4503cdf68a371655ea48ed8a624fea44c3aa046c5fdb51d2391dbdec50518169a039e58f260ae441dd1080b1ffe98a1163b

  • SSDEEP

    24576:dt7Y8R39qYXC6ruz7EFvx3EF/c34IpV6TpQv9Z6z:dt7Y89qYXC6ruz7Sw0ZKTiv+z

Score
7/10

Malware Config

Targets

    • Target

      Quote.exe

    • Size

      1.1MB

    • MD5

      5bd138c48435c8ce360cce3882b0d97a

    • SHA1

      8327b8e546c18ceedee51ebd7fc81e9026588acf

    • SHA256

      275b87b38617ceee81d0ae60d45795b413982680b572298273fc86399617368a

    • SHA512

      5b636775b3e3124db5b8121d955a08c01f96db7ac06dd9d506be21cfa54b393b5f5e78b754776a82ba969ff0bf34cda4bd435e679198725f9ac05c79020490b8

    • SSDEEP

      24576:pRmJkcoQricOIQxiZY1iaXURlXV6V/e3E6rJmppcxBZUB:mJZoQrbTFZY1iaXEKGdopuxkB

    Score
    7/10

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks