763d0d87ee55ccd133d80f4fffb15c6d4d0912ca50c2cbad91b68c713d26ea95 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-30_854200bb1f534dbe5ca03157fdcf1b3f_mafia_qakbot
Size

886KB
Sample

240530-vrg2nsfh66
MD5

854200bb1f534dbe5ca03157fdcf1b3f
SHA1

2bc666276c07b288f3f01741946e2f82a931d7bd
SHA256

763d0d87ee55ccd133d80f4fffb15c6d4d0912ca50c2cbad91b68c713d26ea95
SHA512

fa30851dfb58332277f2e75f504742b5ceb0c6cf90c43e9508aad9cbeb78fc5c6131d505b1c5524082be937369b4ec4a56701af03d3a81de95af7e2613d6ee07
SSDEEP

24576:rOf6bQl8CqETla+mf8qxh0WbS/fu0yY66Lv54y1h:rOfsCBlakutbS/fuS66L+Uh

Score

9^/10

evasion spyware stealer

Malware Config

Targets

- Target
  
  2024-05-30_854200bb1f534dbe5ca03157fdcf1b3f_mafia_qakbot
- Size
  
  886KB
- MD5
  
  854200bb1f534dbe5ca03157fdcf1b3f
- SHA1
  
  2bc666276c07b288f3f01741946e2f82a931d7bd
- SHA256
  
  763d0d87ee55ccd133d80f4fffb15c6d4d0912ca50c2cbad91b68c713d26ea95
- SHA512
  
  fa30851dfb58332277f2e75f504742b5ceb0c6cf90c43e9508aad9cbeb78fc5c6131d505b1c5524082be937369b4ec4a56701af03d3a81de95af7e2613d6ee07
- SSDEEP
  
  24576:rOf6bQl8CqETla+mf8qxh0WbS/fu0yY66Lv54y1h:rOfsCBlakutbS/fuS66L+Uh
Score

9^/10

evasion spyware stealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywarestealer

behavioral2

evasionspywarestealer