General
Target: Quotation.exe
Size: 465KB
Sample: 200630-l8wmsb9af2
MD5: a9e6acbd142d0b3778398f626494723b
SHA1: cba8ba8278934b9df982ff4f3b03236c5060162a
SHA256: 46506ed8ad24375e37b2a1766e76236dd6530bfceb6ce4c0b5dfea1c894e33ca
SHA512: ef1b59cee132327dd2b04ee417590000be4381b11aa41f3e6e2a9c55a6c274816df63b9e1a64d7c0a3f7d73589b77cec1439b90841b690e077b1f22a9cc08295
Static task: static1
Behavioral task: behavioral1
  Sample: Quotation.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: Quotation.exe
  Resource: win10v200430
Malware Config
Targets
Target: Quotation.exe
Size: 465KB
Score: 7/10

Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Suspicious use of SetThreadContext