General
Target: quail.exe
Size: 17.0MB
Sample: 240406-cqldlahf95
MD5: 5ddba3b6dec217354b979ddb3b347c69
SHA1: ba36b602b534cf00b2639d0862182a31b6bf45da
SHA256: bab16c4e1d5acbd675b68910f61fd65cf57b630eae17970d4de2b2c733991263
SHA512: 13c324ad730a15d64b86ca8a90a2819fe000ff6960a52dbd1259fe794d5d74f84365ff0da883305f66b547120b7a83b6213bdc3d6ea29e128d3eef308d40f736
SSDEEP: 393216:qJEkZgf8PRP8AxYDX1+TtIiFGuvB5IjWqn6eclzQDyxXUd+d:qJRbPaX71QtIZS3ILn6ecmyq+d
Behavioral task: behavioral1
Sample: quail.exe
Resource: win7-20240221-en
Malware Config
Targets
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.