e0bd876dc48c1b8fa3306c4c152f05c36676b13dd967de34528f4852bfa7cff1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-09_7a8e5bffa21db1f88ad33f62cafee307_mafia_qakbot
Size

867KB
Sample

240509-r4ycmsaa55
MD5

7a8e5bffa21db1f88ad33f62cafee307
SHA1

33618d074432ef6c083ae8dd9f5eae2e215134e7
SHA256

e0bd876dc48c1b8fa3306c4c152f05c36676b13dd967de34528f4852bfa7cff1
SHA512

81b4a058bc0c9a1826965620835ad4e22cf8eff912dcd479f3dd0c2931f49bc6fa3d2dd1da0752c99ef590042ed62ed7c01ac046b54ebef20474521b5d458b1d
SSDEEP

24576:j/61EbipgiXMqz0HBSvwke4MLx1sP+QuEAeK35JF:j/61ECgiDzNvwkbOx1hQuEG

Score

9^/10

evasion spyware stealer

Malware Config

Targets

- Target
  
  2024-05-09_7a8e5bffa21db1f88ad33f62cafee307_mafia_qakbot
- Size
  
  867KB
- MD5
  
  7a8e5bffa21db1f88ad33f62cafee307
- SHA1
  
  33618d074432ef6c083ae8dd9f5eae2e215134e7
- SHA256
  
  e0bd876dc48c1b8fa3306c4c152f05c36676b13dd967de34528f4852bfa7cff1
- SHA512
  
  81b4a058bc0c9a1826965620835ad4e22cf8eff912dcd479f3dd0c2931f49bc6fa3d2dd1da0752c99ef590042ed62ed7c01ac046b54ebef20474521b5d458b1d
- SSDEEP
  
  24576:j/61EbipgiXMqz0HBSvwke4MLx1sP+QuEAeK35JF:j/61ECgiDzNvwkbOx1hQuEG
Score

9^/10

evasion spyware stealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywarestealer

behavioral2

evasionspywarestealer