G1657943988[.]zip | Triage

Submit
Reports

Overview

overview

Static

static

Card#4500.iso

windows7-x64

3

Card#4500.iso

windows10-2004-x64

3

CardS.lnk

windows7-x64

3

CardS.lnk

windows10-2004-x64

3

anticipations/cur.dll

windows7-x64

anticipations/cur.dll

windows10-2004-x64

anticipati...sh.cmd

windows7-x64

1

anticipati...sh.cmd

windows10-2004-x64

1

anticipati...eld.js

windows7-x64

3

anticipati...eld.js

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

Card#4500.iso

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

Card#4500.iso

Resource

win10v2004-20220812-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral3

Sample

CardS.lnk

Resource

win7-20220901-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral4

Sample

CardS.lnk

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral5

Sample

anticipations/cur.dll

Resource

win7-20220812-en

qakbot bb 1664358901 banker stealer trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral6

Sample

anticipations/cur.dll

Resource

win10v2004-20220812-en

qakbot bb 1664358901 banker stealer trojan

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral7

Sample

anticipations/lardsRoughish.cmd

Resource

win7-20220901-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

anticipations/lardsRoughish.cmd

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

anticipations/malthusField.js

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral10

Sample

anticipations/malthusField.js

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

G1657943988.zip
Size

335KB
MD5

884707fb4d48409bb0a926bd2f03224d
SHA1

2c5a0e8cb09d3a92045aca8d8f7d92e59768491e
SHA256

49b5c0b94adaecbff5a4ce5e80122e469ac529a82d54e057c4f56b5d8951d9e8
SHA512

2cf9b99aade65457edf31cad5ee45a6fed464113589c1cdb69c672702f40d3ce0cd98811ff6e4fa53da98143ee7abd5d1f768412212f47f5dc6389113b73eeb1
SSDEEP

6144:VckwIXga7r0+DSlRmTgYmnOpLW4ukJJmOXruQS/0uqnJmP:VckwuDr0aS3m0OpPuZsuqwP

Score

N/A

Malware Config

Signatures

Files

G1657943988.zip
.zip

Password: H322
Card#4500.iso
.iso

Password: H322
CardS.lnk
.lnk
anticipations/cur.db
.dll windows x86

Password: H322

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 365KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
anticipations/lardsRoughish.cmd
anticipations/malthusField.js
.js

© 2018-2025

Terms | Privacy