hxxps://qsearch[.]io/index[.]php?rgid=895053&sub=gclid&gclid=CjwKCAiArLyuBhA7EiwA-qo80Fl0vnsy2OHsUXJJGYnKG_j2lxNW8Qn-qg0DZho6zscM5vaEKYSkDhoCYOwQAvD_BwE - Google Search | Triage

Resubmissions

22/02/2024, 02:40

240222-c51rtsbc58 7

22/02/2024, 02:22

240222-ctqgqaad9v 7

22/02/2024, 02:21

240222-cs1ajaad8w 1

22/02/2024, 02:18

240222-crhn4aad6z 1

22/02/2024, 02:17

240222-cqrwdaad51 1

22/02/2024, 02:15

240222-cptctaah68 1

22/02/2024, 02:13

240222-cnv51sad4t 1

22/02/2024, 02:11

240222-cmr2zaad3x 1

22/02/2024, 02:11

240222-cmaspaad3t 1

Sharing

General

Target

https://qsearch.io/index.php?rgid=895053&sub=gclid&gclid=CjwKCAiArLyuBhA7EiwA-qo80Fl0vnsy2OHsUXJJGYnKG_j2lxNW8Qn-qg0DZho6zscM5vaEKYSkDhoCYOwQAvD_BwE - Google Search
Sample

240222-c51rtsbc58

Score

7^/10

antivm linux spyware stealer

Malware Config

Targets

- Target
  
  https://qsearch.io/index.php?rgid=895053&sub=gclid&gclid=CjwKCAiArLyuBhA7EiwA-qo80Fl0vnsy2OHsUXJJGYnKG_j2lxNW8Qn-qg0DZho6zscM5vaEKYSkDhoCYOwQAvD_BwE - Google Search
Score

7^/10

antivm spyware stealer
- Changes its process name
- Reads user data of web browsers
  Reads stored browser data which can include saved credentials.
  spyware stealer
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Reads CPU attributes
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

antivmspywarestealer

behavioral2

behavioral3

behavioral4