General
Target: Quotation.exe
Size: 431KB
Sample: 200630-y83h33wwde
MD5: 4e6d23f65ea014d6f39b6382a2818abf
SHA1: 15e2c5629388e45437ff60fdb1cdb958351755cc
SHA256: 2686990e01b4d89572990a34ea3ca265a5fec074276972d5fdb4543eb7357cc9
SHA512: 95941a7caa71fc0cd1f85e038b8e898451a93e2f00ea75d4828daf6f6462e08d8c0e92d50220df89fff3fb5bffd8e8f8508ad64e44d21e283f2dbaa9e1044338
Static task: static1
Behavioral task: behavioral1
Sample: Quotation.exe
Resource: win7v200430
Behavioral task: behavioral2
Sample: Quotation.exe
Resource: win10
Malware Config
Targets
Target: Quotation.exe
Score: 7/10
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
Suspicious use of SetThreadContext