Overview

overview

7

Static

static

Quotation ......exe

windows7_x64

7

Quotation ......exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Quotation 76640.Scan.pdf...exe

  • Size

    798KB

  • Sample

    200709-94fvytejkx

  • MD5

    381fb41c036095c3e98a9fa0f2103969

  • SHA1

    1fcb1e3cae11b476f54d5148c83a8a0a1a3f75db

  • SHA256

    f71131394d99b86b0a3103691f80345859a273bc8a0c6c83e7629b28de1d922e

  • SHA512

    42cb37fd9938e7a12a8eb80c100fb61a25d1d5993fa696b8d59a609444cd9682ff659d1d7bfdfe987f6eec8a380550c705c5700ebd5108bade4cd0743b566b4d

Score
7/10
spyware

Malware Config

Targets

    • Target

      Quotation 76640.Scan.pdf...exe

    • Size

      798KB

    • MD5

      381fb41c036095c3e98a9fa0f2103969

    • SHA1

      1fcb1e3cae11b476f54d5148c83a8a0a1a3f75db

    • SHA256

      f71131394d99b86b0a3103691f80345859a273bc8a0c6c83e7629b28de1d922e

    • SHA512

      42cb37fd9938e7a12a8eb80c100fb61a25d1d5993fa696b8d59a609444cd9682ff659d1d7bfdfe987f6eec8a380550c705c5700ebd5108bade4cd0743b566b4d

    Score
    7/10
    spyware

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spyware

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks