8b9645288cef7f732104914779ea0aa46e918687d6b9bc7ee1fba95cbf5eb61e | Triage

Sharing

General

Target

2024-05-25_541c9a2c7fa4569aae5bb0e60848ec06_mafia_qakbot
Size

886KB
Sample

240525-bafmqshb39
MD5

541c9a2c7fa4569aae5bb0e60848ec06
SHA1

fde1fbe34d8d0015f97d4c050ff8afc0656e141f
SHA256

8b9645288cef7f732104914779ea0aa46e918687d6b9bc7ee1fba95cbf5eb61e
SHA512

057a0488aa6a0486c103cd3826c6eb9b2d259312d86cc34b42a1251cee59713fc0080ae8b61cb985751d5ef0dcd89df411883ba09f72b26817f51f82b8accfb3
SSDEEP

24576:ROf6bQl8CqETla+mf8qxh0WbS/fu0HY66Lv54yk:ROfsCBlakutbS/fub66L+x

Score

9^/10

evasion spyware stealer

Malware Config

Targets

- Target
  
  2024-05-25_541c9a2c7fa4569aae5bb0e60848ec06_mafia_qakbot
- Size
  
  886KB
- MD5
  
  541c9a2c7fa4569aae5bb0e60848ec06
- SHA1
  
  fde1fbe34d8d0015f97d4c050ff8afc0656e141f
- SHA256
  
  8b9645288cef7f732104914779ea0aa46e918687d6b9bc7ee1fba95cbf5eb61e
- SHA512
  
  057a0488aa6a0486c103cd3826c6eb9b2d259312d86cc34b42a1251cee59713fc0080ae8b61cb985751d5ef0dcd89df411883ba09f72b26817f51f82b8accfb3
- SSDEEP
  
  24576:ROf6bQl8CqETla+mf8qxh0WbS/fu0HY66Lv54yk:ROfsCBlakutbS/fub66L+x
Score

9^/10

evasion spyware stealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywarestealer

behavioral2

evasionspywarestealer