99b0d32342cba33695bc83511e2f9de166580d7de5bced330ce7a0a32493b3f7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-27_67ba6a3d2395282af71c0f492929e3af_mafia_qakbot
Size

867KB
Sample

240627-gpy1hsyaqj
MD5

67ba6a3d2395282af71c0f492929e3af
SHA1

d5cfaf572f54f45ef2ad37ef524fe3a7acc42203
SHA256

99b0d32342cba33695bc83511e2f9de166580d7de5bced330ce7a0a32493b3f7
SHA512

0e143081d09ad9c69ac10e0a5a3b0f9ee7b409b1a54fc05921c15c664f09d6ccdfb6f74e0f85bb8d8be1870f499c3de209be211c6a8828830845b3cbfaf38624
SSDEEP

24576:i/61EbipgiXMqz0HBSvwke4MLx1sc+QuEAeK35pY:i/61ECgiDzNvwkbOx1aQuEb

Score

9^/10

evasion spyware stealer

Malware Config

Targets

- Target
  
  2024-06-27_67ba6a3d2395282af71c0f492929e3af_mafia_qakbot
- Size
  
  867KB
- MD5
  
  67ba6a3d2395282af71c0f492929e3af
- SHA1
  
  d5cfaf572f54f45ef2ad37ef524fe3a7acc42203
- SHA256
  
  99b0d32342cba33695bc83511e2f9de166580d7de5bced330ce7a0a32493b3f7
- SHA512
  
  0e143081d09ad9c69ac10e0a5a3b0f9ee7b409b1a54fc05921c15c664f09d6ccdfb6f74e0f85bb8d8be1870f499c3de209be211c6a8828830845b3cbfaf38624
- SSDEEP
  
  24576:i/61EbipgiXMqz0HBSvwke4MLx1sc+QuEAeK35pY:i/61ECgiDzNvwkbOx1aQuEb
Score

9^/10

evasion spyware stealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywarestealer

behavioral2

evasionspywarestealer