decbeada040f605e83f0b4df16aba94ced8762200a35d3e78ef7aedee49b37ad

Sharing

Copy URL Twitter E-mail

General

Target

Mauqes.zip
Size

67.0MB
Sample

240213-1xm3rsaa6w
MD5

1532706a9e477adaf778437b0e7afce0
SHA1

b99608f8f46fe0808b970401d5e7ce810712cab3
SHA256

decbeada040f605e83f0b4df16aba94ced8762200a35d3e78ef7aedee49b37ad
SHA512

81444002ce3124bc6b0b949d7a51ee8c2ea6782731a386ef9c0937f42ecf13fb1f7425bb1bec931c0a548b01788e68fa19629ac1962ee84158a8d870c873a3bb
SSDEEP

1572864:G+SrWqpi3XyhyoHa2mLv9Iwv23bHlLKs33hJ4Y8HM68GdkGWxUVFPdlJ:G+Sr52ChDHdEVIHrFLtRKXs/GdklsFXJ

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  Mauqes.zip
- Size
  
  67.0MB
- MD5
  
  1532706a9e477adaf778437b0e7afce0
- SHA1
  
  b99608f8f46fe0808b970401d5e7ce810712cab3
- SHA256
  
  decbeada040f605e83f0b4df16aba94ced8762200a35d3e78ef7aedee49b37ad
- SHA512
  
  81444002ce3124bc6b0b949d7a51ee8c2ea6782731a386ef9c0937f42ecf13fb1f7425bb1bec931c0a548b01788e68fa19629ac1962ee84158a8d870c873a3bb
- SSDEEP
  
  1572864:G+SrWqpi3XyhyoHa2mLv9Iwv23bHlLKs33hJ4Y8HM68GdkGWxUVFPdlJ:G+Sr52ChDHdEVIHrFLtRKXs/GdklsFXJ
Score

1^/10
behavioral1 behavioral2
- Target
  
  Mauqes.exe
- Size
  
  67.0MB
- MD5
  
  1aa63aac406c417dba03e91aac5f77ed
- SHA1
  
  ec510d315f5cf1ca915ae5b73641864a4af10670
- SHA256
  
  1b008326fb732e0cf4a92a813ade819179d65d04a2461e888b9182f33bbe3d40
- SHA512
  
  c0880091041b42a76263d568155b800f26e7191ff56a4eaaaab3ea0bc073be3857f8fda43373e97827f4152250f2a980c7d1788a5e204cf6e1993e657e1c301b
- SSDEEP
  
  1572864:J2shceP6l2sye0RrYynh1KmDOD7Fz9aqfV9DAkyTuEiKZAWWXoLLT2x7:J2shPu3yLRkOrKlPB9l/EFSfKZAjcL47
Score

7^/10

spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  66.7MB
- MD5
  
  ffefb4bec1e65371055fc5a4d25aedac
- SHA1
  
  ed40e7e453bad68d057cff07347d29b43ee61121
- SHA256
  
  a59f263556828a141af8f866b674db9205de655bb88c9bed802a0b9b51e704cf
- SHA512
  
  05a91732cd336f5cf84a39457ac16355659952c6ad0d9fc5e3ccb1b3112c287cd0b129e70871dce848cfb06a358f5a53f7742e0875501c397be44db71c302763
- SSDEEP
  
  1572864:r2shceP6l2sye0RrYynh1KmDOD7Fz9aqfV9DAkyTuEiKZAWWXoLLT2/:r2shPu3yLRkOrKlPB9l/EFSfKZAjcL+
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral10 behavioral9
- Target
  
  LICENSE.electron.txt
- Size
  
  1KB
- MD5
  
  4d42118d35941e0f664dddbd83f633c5
- SHA1
  
  2b21ec5f20fe961d15f2b58efb1368e66d202e5c
- SHA256
  
  5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
- SHA512
  
  3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63
Score

1^/10
behavioral11 behavioral12
- Target
  
  chrome_100_percent.pak
- Size
  
  126KB
- MD5
  
  d31f3439e2a3f7bee4ddd26f46a2b83f
- SHA1
  
  c5a26f86eb119ae364c5bf707bebed7e871fc214
- SHA256
  
  9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e
- SHA512
  
  aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5
- SSDEEP
  
  3072:5KzwqCT4waJL2myFhPNL2o418Gb0+VRLf0ld0GY3cQ39Vm2I:5Kzwt4LwmU3K18Gb0OV8ld0GecQ3f2
Score

3^/10
behavioral13 behavioral14
- Target
  
  chrome_200_percent.pak
- Size
  
  175KB
- MD5
  
  5604b67e3f03ab2741f910a250c91137
- SHA1
  
  a4bb15ac7914c22575f1051a29c448f215fe027f
- SHA256
  
  1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c
- SHA512
  
  5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d
- SSDEEP
  
  3072:+DQYaEQN6AJPRJL2myFhPNafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+HxNK/r4:+DQYaNN68RwmU0gx5GMRejnbdZnVE6YR
Score

3^/10
behavioral15 behavioral16
- Target
  
  icudtl.dat
- Size
  
  10.0MB
- MD5
  
  76bef9b8bb32e1e54fe1054c97b84a10
- SHA1
  
  05dfea2a3afeda799ab01bb7fbce628cacd596f4
- SHA256
  
  97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3
- SHA512
  
  7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6
- SSDEEP
  
  196608:p5zwSv9AAyse6liXUxCGZHa93Whlw6ZCXU0:pyKlysTliXUxCGZHa93Whlw6ZCX1
Score

3^/10
behavioral17 behavioral18
- Target
  
  locales/af.pak
- Size
  
  340KB
- MD5
  
  198092a7a82efced4d59715bd3e41703
- SHA1
  
  ac3cdfba133330fce825816b2f9579ac240dc176
- SHA256
  
  d63222c4a20fa9741f5262634cf9751f22fbb4fcd9d3138d7c8d49e0efb57fba
- SHA512
  
  590dcc02bc3411fa585321a09f2033ca1839dd67b083622be412d60683c2c086aac81a27bc56029101f6158515cc6ae4def39d3f246b7499b30d02690904af0d
- SSDEEP
  
  6144:ptbDrUln/WiOvz9P5D4uEmv0XPjC6nAcbaK6pgwwexhsVxS42K6tA3pU5tpwDw44:ptfOOiOvzg/mCPjC6nAcbipgwwePSS4C
Score

3^/10
behavioral19 behavioral20
- Target
  
  locales/am.pak
- Size
  
  551KB
- MD5
  
  952933d2d388683c91ee7eaa7539e625
- SHA1
  
  7a0f5a10d7d61c32577c0d027db8c66c27e56c7d
- SHA256
  
  55357baf28716a73f79ac9a6af1ae63972eb79f93c415715518027fc5c528504
- SHA512
  
  5aa5ef0ed1da98b36840389e694dc5dcef496524314b61603d0c5ee03a663bb4c753623fb400792754b51331df20ac6d9cf97c183922f19fc0072822688f988d
- SSDEEP
  
  12288:WcWln6HuPPL8xJTgWHsEaYM5g9yaAVmHukPQyx30jH8+I:WR6YL8xOWHbaYM5g9yaAVmvPQ+
Score

3^/10
behavioral21 behavioral22
- Target
  
  locales/ar.pak
- Size
  
  602KB
- MD5
  
  98f8a48892b41e64bef135b86f3d4a6c
- SHA1
  
  32f8d57ec505332f711b9203aed969704bd97bc9
- SHA256
  
  e34d5cabaed4634c672591074057c12947bc9e728004228a9e75f87829f4a48a
- SHA512
  
  6ed3fe415b2f6de24136917da870b47c653d15c7a561baae55a285946a6f75e5141aba3bc064982f99baef0a893266693864c2d603c5c22c2b95627b2035f7a4
- SSDEEP
  
  12288:R2adfMtqtWP8QvYUjBLM6kXBz5ANbT+NTgTbMMgSEN7o:R2YBS2H15o+u
Score

3^/10
behavioral23 behavioral24
- Target
  
  locales/bg.pak
- Size
  
  631KB
- MD5
  
  9dc95c3b9b47cc9fe5a34b2aab2d4d01
- SHA1
  
  bc19494d160e4af6abd0a10c5adbc8114d50a714
- SHA256
  
  fc4a59ea60d04b224765be4916090e97ed8ddda6b136a92a3827ed0fcc64bb0e
- SHA512
  
  a05a506a13ac4566ecbfe7961ace091295967ea4e72a2865e647b5fa9adac9f7cf5e80b53fae0e3917dfb0b9a3f469189cd595cc4ae9239d3a849f5cedd60e46
- SSDEEP
  
  12288:mEJqOwccalYrdAs1alUx42aVVwslyLKmF/RY3YKN3R5ObDGIV+Jfu64KyzEfSZpR:vqAZlYrdAs1alUmys8lY3YKT6q2Qu6pu
Score

3^/10
behavioral25 behavioral26
- Target
  
  locales/bn.pak
- Size
  
  812KB
- MD5
  
  d6ccc9689654b84bc095cec4f1952cca
- SHA1
  
  286130971826b0af1b6d29c5283dfa71af7cd7b0
- SHA256
  
  e325d936cd97c3f9ddfca2d87caefb8b6e7465ffa31d0386ae2456b18f7a92da
- SHA512
  
  db0400820c5cd1100337c955084eac3036b55bbf66b403337bec2079bc47696e2e48a771214662b286f4f45f763d2ad423aeccbd0f06cf0bc11038662558f4a5
- SSDEEP
  
  3072:3V/mYMtWOsmmWlIpRb6rH4kSBbdXWSM5QwXlFE:3wP9sKIpRurHEBbd+5tle
Score

3^/10
behavioral27 behavioral28
- Target
  
  locales/ca.pak
- Size
  
  384KB
- MD5
  
  2f8d050c228583559cda181291b76e5a
- SHA1
  
  b047f1cfb30b1162b1dd79f7e424a83fd807eec7
- SHA256
  
  e1d6b5fd0bc411f2895eaaa1409916f5ffe39a5c6bd1bafe8af7ce33da5be17d
- SHA512
  
  e4f150cd9942ef5105e72376835da6edc31ef91783e41cd2fc04600c04f342bbc96e08e23c8af1c0c1e563bb8a7d3840a2289767525c30d08c2f23d0e837801f
- SSDEEP
  
  12288:HQrijIs3cejEYBCqol3nbhj+YbHQluSwWwXcMjdLbpuQRBtryBiGIle3nei30CtX:HPm+thFMNSGhrKU5qzEK
Score

3^/10
behavioral29 behavioral30
- Target
  
  locales/cs.pak
- Size
  
  393KB
- MD5
  
  26765c7be201444f0238962bb16a506b
- SHA1
  
  f9d4a33795e45127c14bcf35cc770845627e15e8
- SHA256
  
  936466784a55b965d23b016bc49377655bc5d281d012c8369c0809c961e05c74
- SHA512
  
  577d52d2d5048cd952aff1e76121a495328c1978cdea2eaa4f85812cc513917f69510e135e96f7967f4ed43cf88e180cb1d9059e17c855c8d4f94ca036730214
- SSDEEP
  
  6144:qEcblAZYhg7PlAKRM55Z8+U1KN0g588QM:qfJAahgrxM55Z8+UoN0gb
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Drops startup file

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32