General
Target: rectified quote.exe
Size: 400KB
Sample: 200713-g6aekvhj2j
MD5: 0c6982e8d622d6550a6a170f1c0b9c49
SHA1: 489f667a831be85ffd37288ca187d0517fc5d649
SHA256: 714e525a436fc97ce8b8e31b63c79e8f13cc0577c80f613f825cafdf7fddeb1f
SHA512: c1b81fdc18fe5ab49b005a2e5847f6007c95baa8a04bd0b3140fc3e8295f05e141f5db2b07478798fcf5293be3f8415ae4d97daee7c926b69e8338c47898cadc

Static task: static1

Behavioral task: behavioral1
Sample: rectified quote.exe
Resource: win7v200430

Behavioral task: behavioral2
Sample: rectified quote.exe
Resource: win10

Malware Config
Targets
Target: rectified quote.exe

Adds Run entry to policy start application

Drops startup file

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Suspicious use of SetThreadContext