Overview

overview

7

Static

static

Quotation.exe

windows7_x64

7

Quotation.exe

windows10_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Quotation.exe

  • Size

    465KB

  • Sample

    200630-l8wmsb9af2

  • MD5

    a9e6acbd142d0b3778398f626494723b

  • SHA1

    cba8ba8278934b9df982ff4f3b03236c5060162a

  • SHA256

    46506ed8ad24375e37b2a1766e76236dd6530bfceb6ce4c0b5dfea1c894e33ca

  • SHA512

    ef1b59cee132327dd2b04ee417590000be4381b11aa41f3e6e2a9c55a6c274816df63b9e1a64d7c0a3f7d73589b77cec1439b90841b690e077b1f22a9cc08295

Score
7/10
spyware

Malware Config

Targets

    • Target

      Quotation.exe

    • Size

      465KB

    • MD5

      a9e6acbd142d0b3778398f626494723b

    • SHA1

      cba8ba8278934b9df982ff4f3b03236c5060162a

    • SHA256

      46506ed8ad24375e37b2a1766e76236dd6530bfceb6ce4c0b5dfea1c894e33ca

    • SHA512

      ef1b59cee132327dd2b04ee417590000be4381b11aa41f3e6e2a9c55a6c274816df63b9e1a64d7c0a3f7d73589b77cec1439b90841b690e077b1f22a9cc08295

    Score
    7/10
    spyware

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks