Overview

overview

7

Static

static

Quotation.exe

windows7_x64

7

Quotation.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Quotation.exe

  • Size

    431KB

  • Sample

    200630-y83h33wwde

  • MD5

    4e6d23f65ea014d6f39b6382a2818abf

  • SHA1

    15e2c5629388e45437ff60fdb1cdb958351755cc

  • SHA256

    2686990e01b4d89572990a34ea3ca265a5fec074276972d5fdb4543eb7357cc9

  • SHA512

    95941a7caa71fc0cd1f85e038b8e898451a93e2f00ea75d4828daf6f6462e08d8c0e92d50220df89fff3fb5bffd8e8f8508ad64e44d21e283f2dbaa9e1044338

Score
7/10
spyware

Malware Config

Targets

    • Target

      Quotation.exe

    • Size

      431KB

    • MD5

      4e6d23f65ea014d6f39b6382a2818abf

    • SHA1

      15e2c5629388e45437ff60fdb1cdb958351755cc

    • SHA256

      2686990e01b4d89572990a34ea3ca265a5fec074276972d5fdb4543eb7357cc9

    • SHA512

      95941a7caa71fc0cd1f85e038b8e898451a93e2f00ea75d4828daf6f6462e08d8c0e92d50220df89fff3fb5bffd8e8f8508ad64e44d21e283f2dbaa9e1044338

    Score
    7/10
    spyware

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks