General
-
Target
QWA.exe
-
Size
879KB
-
Sample
201109-3rmj8h8jbs
-
MD5
bd1c429c2ea9b2c200470e0859761692
-
SHA1
4cbddc4bb7db82fbb0c7781d0e07ad1b0279e8af
-
SHA256
f711673ec31f884e59192cc360b841efc1c77b0d0b41787bea5424ae520f9989
-
SHA512
605730afdf0e9f381abfcf5bf17ad39538c8ed395ecb2edaa4369e7302dbde1282116dd1b40e617ca152e15ab445951032145b1f06292807023358acc91dbf18
Static task
static1
Behavioral task
behavioral1
Sample
QWA.exe
Resource
win7v20201028
Malware Config
Targets
-
-
Target
QWA.exe
-
Size
879KB
-
MD5
bd1c429c2ea9b2c200470e0859761692
-
SHA1
4cbddc4bb7db82fbb0c7781d0e07ad1b0279e8af
-
SHA256
f711673ec31f884e59192cc360b841efc1c77b0d0b41787bea5424ae520f9989
-
SHA512
605730afdf0e9f381abfcf5bf17ad39538c8ed395ecb2edaa4369e7302dbde1282116dd1b40e617ca152e15ab445951032145b1f06292807023358acc91dbf18
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-