Overview

overview

10

Static

static

Quotation.exe

windows7_x64

7

Quotation.exe

windows10_x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    Quotation.exe

  • Size

    456KB

  • Sample

    200707-3mzxb3la5a

  • MD5

    35890d210ae3539ce3cf24f730d186d5

  • SHA1

    73e5145cef8463d9d1f9ea556cd3cee069370402

  • SHA256

    c2221b7f65afde44bb459fec37286e4ad1f032d30be34d04527497c4b6acfdbd

  • SHA512

    acd15ba2923e2d6fc3c43759b08247078ba0241e929664abe0d99d44e979068437c2c82f61717e4b7efd8e181f08a15fcc003380de62eed89604d41ffaee6c6a

Score
10/10
formbookevasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      Quotation.exe

    • Size

      456KB

    • MD5

      35890d210ae3539ce3cf24f730d186d5

    • SHA1

      73e5145cef8463d9d1f9ea556cd3cee069370402

    • SHA256

      c2221b7f65afde44bb459fec37286e4ad1f032d30be34d04527497c4b6acfdbd

    • SHA512

      acd15ba2923e2d6fc3c43759b08247078ba0241e929664abe0d99d44e979068437c2c82f61717e4b7efd8e181f08a15fcc003380de62eed89604d41ffaee6c6a

    Score
    10/10
    evasiontrojanspywarestealerformbookpersistence

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Adds Run entry to policy start application

      persistence

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks