General
- Target: QBAGDAQ.html
- Size: 2.7MB
- Sample: 220929-wkd7wacefl
- MD5: 081b0db95177c46330d35f2b57937526
- SHA1: 316f79d3ddd9325476ce52318c2aaae011316897
- SHA256: 1227762670b7f30a26b51d681acad249a14986f375f5d659ef36e25e4e8bef1b
- SHA512: e84ebf6d234e8a909887093fd0b33dc7e4b158b03012fc9863ac9e73e5381aefc554d96d45562e5cf75eda7b4d0c2652f87ec2d16d584318acab6b9b3bf49b60
- SSDEEP: 49152:JoAbBbTsYtX9jHCj2D1WCA4R8oq4eNJ/V/:X1W
Static task
- static1

Behavioral task
- behavioral1
  - Sample: QBAGDAQ.exe
  - Resource: win7-20220901-en

Behavioral task
- behavioral2
  - Sample: QBAGDAQ.exe
  - Resource: win10v2004-20220812-en

Malware Config
- Extracted: raccoon
  - 9b19cf60d9bdf65b8a2495aa965456c3
  - http://5.2.70.65/
Targets
- Target: QBAGDAQ.html
- Downloads MZ/PE file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext