Overview

overview

10

Static

static

Quotation.exe

windows7_x64

10

Quotation.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cc00689f0696fe00669c8772958d42c1bd989a457bbee7ca3a6b117413aaf3ed

  • Size

    724KB

  • Sample

    220520-3s6qescdbm

  • MD5

    53e28a01b21fb91e3787d22d4e0125f3

  • SHA1

    8f2d8cb60e5e63a399f3f14d02ea4366a1af0a7d

  • SHA256

    cc00689f0696fe00669c8772958d42c1bd989a457bbee7ca3a6b117413aaf3ed

  • SHA512

    d99ffb660a8fea69b9a536988e2bafe1f10cfd07bd6752d85f5c982a36ae94aa98e94f6e2ad5fcd552d741e0d405f8a53ef4ad7dfde47e1bb5fbdb7e610be2e7

Score
10/10
massloggerspywarestealer

Malware Config

Targets

    • Target

      Quotation.exe

    • Size

      761KB

    • MD5

      82a8dd7c9cb60f7f27a3187735fe0e70

    • SHA1

      64db00701378728d6bfa898795922017b3c39bcb

    • SHA256

      f9eb2b428ced4131d2846e50d56e87302b6b7ff986c6c524c55d5cef53111d2e

    • SHA512

      cd8939f5a729bd430644a074a4bc0792277843feb72e7cb47f8f7a46b0497381cb5354486b7dc4d9cceb0dbd0e6a78a08e7a768a8ebeb3c564fe11c74e05ed90

    Score
    10/10
    massloggerspywarestealer

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks