a1d213d51ebba599f3f3b86c63f8bc0ac3ef1fba052acaba3e141f7cab34d07c | Triage

Sharing

General

Target

QuLAC1s4NFCzWC1k9KV3.js
Size

16.5MB
Sample

220919-cnq63agabn
MD5

d447e3dcdac667ada7145c58fb42b0dc
SHA1

2c1b54997822a92fdd81c1091f779dfe41aa8d51
SHA256

a1d213d51ebba599f3f3b86c63f8bc0ac3ef1fba052acaba3e141f7cab34d07c
SHA512

b9595fda19ae47ed396cae76bc45abf1cb332032710f1ab2e6e3bb85e32fd8cd561680ba6a6e6f879fae54da88b36e2369c81b257a6daa0d5a728b2d62bb7f7a
SSDEEP

49152:0pzPRSn9oqSTn5yzwbWXmic5WIpJoexrvzFyAuoNMsPS1hv5o45W7RFgmAb9RR36:0pzPRSn9oqSTnV

Score

8^/10

collection discovery spyware stealer

Malware Config

Targets

- Target
  
  QuLAC1s4NFCzWC1k9KV3.js
- Size
  
  16.5MB
- MD5
  
  d447e3dcdac667ada7145c58fb42b0dc
- SHA1
  
  2c1b54997822a92fdd81c1091f779dfe41aa8d51
- SHA256
  
  a1d213d51ebba599f3f3b86c63f8bc0ac3ef1fba052acaba3e141f7cab34d07c
- SHA512
  
  b9595fda19ae47ed396cae76bc45abf1cb332032710f1ab2e6e3bb85e32fd8cd561680ba6a6e6f879fae54da88b36e2369c81b257a6daa0d5a728b2d62bb7f7a
- SSDEEP
  
  49152:0pzPRSn9oqSTn5yzwbWXmic5WIpJoexrvzFyAuoNMsPS1hv5o45W7RFgmAb9RR36:0pzPRSn9oqSTnV
Score

8^/10

collection discovery spyware stealer
- Blocklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectiondiscoveryspywarestealer

behavioral2

collectiondiscoveryspywarestealer