0d055d602cf947aaeb575e8252466d83d851937e6c3c861b86a374bce8dda33f | Triage

Sharing

General

Target

qbotagain.js
Size

114KB
Sample

220913-njnqxsfea4
MD5

c030a938b6bebf1c124656ca120c741a
SHA1

bd869324ed7bd891ffd4d9907c890e7635e121a5
SHA256

0d055d602cf947aaeb575e8252466d83d851937e6c3c861b86a374bce8dda33f
SHA512

971776f1fed61bb48b5c902a9bd4d32d8282be18840c2c003ff57202acff9a825b5dc13c4e0e43047a4b818943af80068d183e3be8eea68a858c00c4d7731913
SSDEEP

1536:Vhoco1LtLgG4c3rWpY0Ji9oW/Vb5g8oXe4ntHJQQfzWZiZZuYoVzm+QUklu8uWzd:Ve6c6pYb9bx3sHCvVz4u8PzNrnc

Score

8^/10

Malware Config

Targets

- Target
  
  qbotagain.js
- Size
  
  114KB
- MD5
  
  c030a938b6bebf1c124656ca120c741a
- SHA1
  
  bd869324ed7bd891ffd4d9907c890e7635e121a5
- SHA256
  
  0d055d602cf947aaeb575e8252466d83d851937e6c3c861b86a374bce8dda33f
- SHA512
  
  971776f1fed61bb48b5c902a9bd4d32d8282be18840c2c003ff57202acff9a825b5dc13c4e0e43047a4b818943af80068d183e3be8eea68a858c00c4d7731913
- SSDEEP
  
  1536:Vhoco1LtLgG4c3rWpY0Ji9oW/Vb5g8oXe4ntHJQQfzWZiZZuYoVzm+QUklu8uWzd:Ve6c6pYb9bx3sHCvVz4u8PzNrnc
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2