qulab | a2b6b39830f2f48c9d4fd744160cf1a13a50b72a7ed4bf68f539dd0315418ac8

General

Target

a2b6b39830f2f48c9d4fd744160cf1a13a50b72a7ed4bf68f539dd0315418ac8
Size

3.4MB
Sample

220501-3rmadsbdbl
MD5

792c7a9c3321bf6921c7e8b7ac042487
SHA1

65d77e31774552577375822302cc2c002f58100d
SHA256

a2b6b39830f2f48c9d4fd744160cf1a13a50b72a7ed4bf68f539dd0315418ac8
SHA512

ed165e4b54e4678de04eaef2e8ae1fa9e0fd711ccfe3c65523c02b7127c7d210a64736052915408f0292638fbc07ed62636023b3bd87a9029b5aa8520815dca1

Score

10^/10

Malware Config

Targets

- Target
  
  a2b6b39830f2f48c9d4fd744160cf1a13a50b72a7ed4bf68f539dd0315418ac8
- Size
  
  3.4MB
- MD5
  
  792c7a9c3321bf6921c7e8b7ac042487
- SHA1
  
  65d77e31774552577375822302cc2c002f58100d
- SHA256
  
  a2b6b39830f2f48c9d4fd744160cf1a13a50b72a7ed4bf68f539dd0315418ac8
- SHA512
  
  ed165e4b54e4678de04eaef2e8ae1fa9e0fd711ccfe3c65523c02b7127c7d210a64736052915408f0292638fbc07ed62636023b3bd87a9029b5aa8520815dca1
Score

10^/10

qulab discovery evasion spyware stealer upx
- Qulab Stealer & Clipper
  Infostealer and clipper created with AutoIt.
  stealer qulab
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2