General

  • Target

    2024-09-11_1d672a294acd7714d770044dfb623e4a_mafia_qakbot

  • Size

    897KB

  • Sample

    240911-zwqxlasglq

  • MD5

    1d672a294acd7714d770044dfb623e4a

  • SHA1

    237e9b2dd50d56bd0a9f94ac549f7e09c81b67a1

  • SHA256

    d24ce0322b4d98e048e8664b5023c73f3fa81f30175c5737230c3ef9868ef409

  • SHA512

    125adbc91ddbb96f90503bded6db85c0de3947add88b270d987ff3ffee9915146b3de6077585280cd830dd731b9f9c2793730d1fbb036e1c1564111c87d198ab

  • SSDEEP

    24576:CM8o6+UKIAQh1i0MEN0nr9C9VPhIQjAfIgxq:v6+JUMEmZ8NhPAk

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks