General
-
Target
e2115a42e4ef267a4484cbb5cd342ea5d12b26f93fb76f6ba92eed12129dd272.exe
-
Size
3.5MB
-
Sample
231224-cjdeeadbcm
-
MD5
40447a9f2376de63982646d8df22fb55
-
SHA1
958e4c23f9a4387f11165f2534347dbd43010d80
-
SHA256
e2115a42e4ef267a4484cbb5cd342ea5d12b26f93fb76f6ba92eed12129dd272
-
SHA512
79350e8b916a404d21911e38578275fdcccef56b363af4a10a16d81a904ee9d53146361e6337576bf68b49e9734e71312285bdf5256e3668b83da1ffa8280017
-
SSDEEP
49152:qh+ZkldoPK8Yahamthw94PNgX4h0mM8bVZSY886fynFkzOhFYg0NNT+lxkGvfME4:j2cPK8iEC4Pu4M8nBFkGUTJGv0E6
Malware Config
Targets
-
-
Target
e2115a42e4ef267a4484cbb5cd342ea5d12b26f93fb76f6ba92eed12129dd272.exe
-
Size
3.5MB
-
MD5
40447a9f2376de63982646d8df22fb55
-
SHA1
958e4c23f9a4387f11165f2534347dbd43010d80
-
SHA256
e2115a42e4ef267a4484cbb5cd342ea5d12b26f93fb76f6ba92eed12129dd272
-
SHA512
79350e8b916a404d21911e38578275fdcccef56b363af4a10a16d81a904ee9d53146361e6337576bf68b49e9734e71312285bdf5256e3668b83da1ffa8280017
-
SSDEEP
49152:qh+ZkldoPK8Yahamthw94PNgX4h0mM8bVZSY886fynFkzOhFYg0NNT+lxkGvfME4:j2cPK8iEC4Pu4M8nBFkGUTJGv0E6
Score10/10-
Qulab Stealer & Clipper
Infostealer and clipper created with AutoIt.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-