Overview

overview

7

Static

static

quotation.exe

windows7_x64

7

quotation.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    quotation.exe

  • Size

    407KB

  • Sample

    200708-wvpn1a9vv6

  • MD5

    086d3778e1a2fbd66b2306a1410ba159

  • SHA1

    79e0b0ad3ec89b316ca19e49e385dffd804dcdce

  • SHA256

    95a2794993515cebc252e9c2862009a653f5c8930b78127fa7ba34b59493291c

  • SHA512

    31b980f9b47321531189734a644cddc3d129040b00a2c52c1855287decc55d0f77b955a7dd5db20b2fb6deef5ddaab97f4762df19f1b2573ac4fd56caa292955

Score
7/10
spyware

Malware Config

Targets

    • Target

      quotation.exe

    • Size

      407KB

    • MD5

      086d3778e1a2fbd66b2306a1410ba159

    • SHA1

      79e0b0ad3ec89b316ca19e49e385dffd804dcdce

    • SHA256

      95a2794993515cebc252e9c2862009a653f5c8930b78127fa7ba34b59493291c

    • SHA512

      31b980f9b47321531189734a644cddc3d129040b00a2c52c1855287decc55d0f77b955a7dd5db20b2fb6deef5ddaab97f4762df19f1b2573ac4fd56caa292955

    Score
    7/10
    spyware

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spyware

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks