General

  • Target: 17012025_0058_New.Inquiry.RFQJanuary2025.pdf.exe.iso
  • Size: 268KB
  • Sample: 250117-bby6gawre1
  • MD5: 0f68b567d4cdd2683a4f0e4cbaaf2813
  • SHA1: 4b0d43991250e8a59af656caa1ffcc4e2a3dcf7a
  • SHA256: d34f16567afa7ebbc8969cb39c349c4be0d175500506c4ce6c4aad94f5b7d60f
  • SHA512: 75f4fa7e5d530f4621251f6638f8db292508cfff12821a4cfd4111b0a19955dc6f58fda12b19ddb09cce13a2ca8d060cc49ddcfdd7e6dd5070df7bc692c04612
  • SSDEEP: 6144:6pvCHwyAgQZqhyzapHXGeAqudI3AaJfH:CzqUuZXfSmVf

Malware Config

Targets

    • Target: New.Inquiry.RFQJanuary2025.pdf.exe
    • Size: 218KB
    • MD5: af96d56b09b79c2e80f3ecc5bc447e84
    • SHA1: 64a66d59fd021b85c7302b2d24bb3eb700faa352
    • SHA256: 2bfd329691b57cae5b510da35b09b7e33b6dbb3dda1e8cb4cb0358707788d7c7
    • SHA512: 4942e863ea3ae46c691107b6cacbb617375d1a6938dfd6a4fe634819cdeb8d296dd2ae1acb9c3a16a4b6bcc753e5b6b8990d748d9d0e61cd0d0deff0934ae47a
    • SSDEEP: 6144:rpvCHwyAgQZqhyzapHXGeAqudI3AaJfH:lzqUuZXfSmVf

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks