translator.exe

General
Target: translator.exe
Size: 3MB
Sample: 210111-rasehe9zza
Score: 10/10
MD5: a7cf97de0e85e78c2e9a78c8c1ffcc8d
SHA1: ec1eb927bfdb0d2696941ee1b4d9f310eabd18e2
SHA256: 8351d952377c34ffbbf065f39567dbaf3907af610b5ef77831bcabf154795188
SHA512: c585bacd64ac61019652de6958750e5688d70f52e2635b0e426490a1b189d2d0c21ab4356b675b0589fbe3228c3d1491bc3733b79589a3244c5fa4c900955339

Signatures

  • Qulab Stealer & Clipper
    Description: Infostealer and clipper created with AutoIt.

  • Executes dropped EXE

  • Sets file to hidden
    Description: Modifies file attributes to stop it showing in Explorer etc.
    TTPs: Hidden Files and Directories

  • UPX packed file
    Description: Detects executables packed with UPX/modified UPX open source packer.

  • Loads dropped DLL

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files

  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory

MITRE ATT&CK Matrix
Tactics: Command and Control, Credential Access, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks
static1
behavioral2
8/10