General
-
Target
New Quotation.exe
-
Size
713KB
-
Sample
200709-wwdlzj3pjx
-
MD5
1ddfef07c40749d9e7f67cf63decfa25
-
SHA1
9d55a43a877b8084c6c247907b4b95aed445a52f
-
SHA256
b3706a5ace23149f5ed6327656b49fa37aacf8814569312ac807c580a1b662d0
-
SHA512
e9416976aaf7bd9dd5b0c51e667f1750a91ba76eff3f1e4aea24faca27c5185b840004f5fd09abb5dc66465e2e1efba19f339f45c09a21b733d083b142db72da
Static task
static1
Behavioral task
behavioral1
Sample
New Quotation.exe
Resource
win7
Behavioral task
behavioral2
Sample
New Quotation.exe
Resource
win10v200430
Malware Config
Targets
-
-
Target
New Quotation.exe
-
Size
713KB
-
MD5
1ddfef07c40749d9e7f67cf63decfa25
-
SHA1
9d55a43a877b8084c6c247907b4b95aed445a52f
-
SHA256
b3706a5ace23149f5ed6327656b49fa37aacf8814569312ac807c580a1b662d0
-
SHA512
e9416976aaf7bd9dd5b0c51e667f1750a91ba76eff3f1e4aea24faca27c5185b840004f5fd09abb5dc66465e2e1efba19f339f45c09a21b733d083b142db72da
Score7/10-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-