8a5658fe5aae0d3c0d9c882a2c212ec855f6059a438ca9382430f06ab7ea08fd

Sharing

Copy URL

Twitter E-mail

General

Target

qyd priv.rar
Size

52.9MB
Sample

240911-ws75xsvhkf
MD5

5e42ae42fd9f077310b3499d2a2958c7
SHA1

b100d4824f45696294f74cd0f344cb1937b63316
SHA256

8a5658fe5aae0d3c0d9c882a2c212ec855f6059a438ca9382430f06ab7ea08fd
SHA512

8c4032d4b5d2b02aaf9f732eb09f9b8301ed47627f1f994d83e34a1cc7de26ddafa00d6b65594e56fbd205f76d5bbd6de33963783c5636ac28f907f7518756db
SSDEEP

1572864:xKdZhPvICyqLtk2Id8abVfhUdo8gcwuM72q+whGZnV:xKBnYolIdPbVpuo8gB2q9hGJV

Score

8^/10

Malware Config

Targets

- Target
  
  qyd priv.rar
- Size
  
  52.9MB
- MD5
  
  5e42ae42fd9f077310b3499d2a2958c7
- SHA1
  
  b100d4824f45696294f74cd0f344cb1937b63316
- SHA256
  
  8a5658fe5aae0d3c0d9c882a2c212ec855f6059a438ca9382430f06ab7ea08fd
- SHA512
  
  8c4032d4b5d2b02aaf9f732eb09f9b8301ed47627f1f994d83e34a1cc7de26ddafa00d6b65594e56fbd205f76d5bbd6de33963783c5636ac28f907f7518756db
- SSDEEP
  
  1572864:xKdZhPvICyqLtk2Id8abVfhUdo8gcwuM72q+whGZnV:xKBnYolIdPbVpuo8gB2q9hGJV
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  qyd priv pred/READ ME.txt
- Size
  
  1KB
- MD5
  
  f8c33fbdf52fac5f85dd135e4ed4757c
- SHA1
  
  0872e2c4b094c6df92fe256b08fca945b6b831ee
- SHA256
  
  799c1cc306480bc26cc1d68ae4f4173ce0f2768f11bcb491e112a413680e4fff
- SHA512
  
  4ca883de262660ddd8e65d61f858cc40466cc70451de9ec2537e39bc400724f6584edced44c21045f23e6eee5415708050eee78b426dba6e0d3b288902c909b7
Score

1^/10
behavioral3 behavioral4
- Target
  
  qyd priv pred/qpred-setup.exe
- Size
  
  83.3MB
- MD5
  
  53e4003e2f973d76d725327f9a00374c
- SHA1
  
  396988c2a64b24f82c16b075430acfef8fb2e45b
- SHA256
  
  b17cb39f3d9da2e11a0f098e075fbd104327cbcf2143ccee63fb1510810a9d09
- SHA512
  
  0e45f43153c4ea80a50fffd1a29ff953d589f30f0f0866a05a3e7f594bc95e8f8b579d24f48c397d3e871df280abb1eacccd65b39447cbf9d0d33d14e42f7bda
- SSDEEP
  
  1572864:IKB7vFQqMrlpA+Ql4OdHxTivfSioqiASrrIo:IKBJykl9Hxen1obr0
Score

8^/10

credential_access discovery execution spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral5 behavioral6
- Target
  
  loader-o.pyc
- Size
  
  61KB
- MD5
  
  4da1c2751b1ab14235592b98665387e3
- SHA1
  
  e80b3e2288b4a56bb16613297c0145375769d023
- SHA256
  
  1c492f435f72342a73511d72a4ec41cb314789d46cb0a4a9e4adc7ddb5883c97
- SHA512
  
  a0fccc1d2f66c90234156c6c6945301ff7e96a863a83a42d64eacf5b3338d8e4f8f8996728024c84018ef001ec7b17f5b4106cf8fde096fcad80be03d2c300e0
- SSDEEP
  
  768:lU5RsdBJeuqUIx4Lc11n/ijkGIVY48maOFJfuuc9oLmgj3nHvVZ0FC:lU5RCJeupLc1JKiG4/a2J2uc9ojjXvf
Score

3^/10
behavioral7 behavioral8