General

  • Target

    Quotation.exe

  • Size

    1.3MB

  • Sample

    241111-n31jtsyjcx

  • MD5

    e23f380b4d15c76fe98fec380d9efec6

  • SHA1

    2b109974d7a339b137fefb6f9de1710af7e2fe44

  • SHA256

    3d9c9606d3bba567a0ce9f2d8c891239cd06c4cb470df92dfcee5fca5a0e7b7b

  • SHA512

    d061a01c900b5f66a4cea18fdb956a346088d6450a2641fb42c200c4eb64a27da596584841f0fb12f4c289d7d950948f662dd0c8ea1eb7078deb94c6c207fd94

  • SSDEEP

    24576:g5EmXFtKaL4/oFe5T9yyXYfP1ijXdau744En5UowqDVg02E0SkOOo2GuRlrXN+G/:gPVt/LZeJbInQRau7Vowqa02WkOv2GU7

Score
6/10

Targets

    • Target

      Quotation.exe

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
