General

  • Target

    2024-09-11_5caec288b2c54633083f1b9cc80e627d_mafia_qakbot

  • Size

    897KB

  • Sample

    240911-zx14ysshjn

  • MD5

    5caec288b2c54633083f1b9cc80e627d

  • SHA1

    921485008a4df0a7f0969d654913919f3aab3a35

  • SHA256

    9149e17b7ab3331627adcf798b4dd7829a029f9c25176692ca7a886c0a822dbd

  • SHA512

    d8db3f8124fcbfc7687f7107113fc3e4fbacca9a5b1b72aaa1e093c44198aa6430f747b621781ca4bd107c77525e1abcdef929fdbec63bb68c4af09ddb232ba7

  • SSDEEP

    24576:yPT80SR76+GxaDhSDdrdpgukMjK/k//M8:F0SROiSDNgujKa

Malware Config

Targets

    • Target

      2024-09-11_5caec288b2c54633083f1b9cc80e627d_mafia_qakbot

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks