General

  • Target

    2024-05-27_64c1d4387a0973aa7d5a989312ce8754_mafia_qakbot

  • Size

    885KB

  • Sample

    240527-gjkkyaba67

  • MD5

    64c1d4387a0973aa7d5a989312ce8754

  • SHA1

    59e56c4c9f8b3fe09d47a01289aba342e1b34be1

  • SHA256

    7caa0da0ccc56a5b38f0c4f7d86b6fb7239c79f8a06a5486948dc177d0ef00cd

  • SHA512

    b475da80690c0525422db2627073d3e10c1925d77cbbfa1ae460b6452aaf7b7b491d84022329725f333c29dfb605382c3c5ef929a39c2b4b76c187c458e02ddb

  • SSDEEP

    12288:qFluQIfi/C0T4mkdbWUhDHoDzf4Yzv2DLAfLwYXOBdzw6nPLhO8emCf4oGu94fSV:qVP/C0Umetu7XO4reBa6D8mCf4aFOG5

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive material.

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

  • Virtualization/Sandbox Evasion (T1497): 1

  • Modify Registry (T1112): 1

Credential Access

  • Unsecured Credentials (T1552): 1

  • Credentials In Files (T1552.001): 1

Discovery

  • Query Registry (T1012): 1

  • Virtualization/Sandbox Evasion (T1497): 1

  • System Information Discovery (T1082): 2

Collection

  • Data from Local System (T1005): 1

Tasks