General
-
Target
Quotation.exe
-
Size
1.3MB
-
Sample
241111-n31jtsyjcx
-
MD5
e23f380b4d15c76fe98fec380d9efec6
-
SHA1
2b109974d7a339b137fefb6f9de1710af7e2fe44
-
SHA256
3d9c9606d3bba567a0ce9f2d8c891239cd06c4cb470df92dfcee5fca5a0e7b7b
-
SHA512
d061a01c900b5f66a4cea18fdb956a346088d6450a2641fb42c200c4eb64a27da596584841f0fb12f4c289d7d950948f662dd0c8ea1eb7078deb94c6c207fd94
-
SSDEEP
24576:g5EmXFtKaL4/oFe5T9yyXYfP1ijXdau744En5UowqDVg02E0SkOOo2GuRlrXN+G/:gPVt/LZeJbInQRau7Vowqa02WkOv2GU7
Static task
static1
Behavioral task
behavioral1
Sample
Quotation.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
Quotation.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Quotation.exe
-
Size
1.3MB
-
MD5
e23f380b4d15c76fe98fec380d9efec6
-
SHA1
2b109974d7a339b137fefb6f9de1710af7e2fe44
-
SHA256
3d9c9606d3bba567a0ce9f2d8c891239cd06c4cb470df92dfcee5fca5a0e7b7b
-
SHA512
d061a01c900b5f66a4cea18fdb956a346088d6450a2641fb42c200c4eb64a27da596584841f0fb12f4c289d7d950948f662dd0c8ea1eb7078deb94c6c207fd94
-
SSDEEP
24576:g5EmXFtKaL4/oFe5T9yyXYfP1ijXdau744En5UowqDVg02E0SkOOo2GuRlrXN+G/:gPVt/LZeJbInQRau7Vowqa02WkOv2GU7
Score6/10-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-