R908667946[.]zip | Triage

Submit
Reports

Overview

overview

Static

static

Contract.lnk

windows7-x64

3

Contract.lnk

windows10-2004-x64

3

publish/devisors.dll

windows7-x64

publish/devisors.dll

windows10-2004-x64

publish/ov...id.vbs

windows7-x64

3

publish/ov...id.vbs

windows10-2004-x64

1

publish/su...um.cmd

windows7-x64

1

publish/su...um.cmd

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

Contract.lnk

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

Contract.lnk

Resource

win10v2004-20220901-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral3

Sample

publish/devisors.dll

Resource

win7-20220812-en

qakbot banker stealer trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral4

Sample

publish/devisors.dll

Resource

win10v2004-20220901-en

qakbot banker stealer trojan

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral5

Sample

publish/overtlyMadrid.vbs

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral6

Sample

publish/overtlyMadrid.vbs

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

publish/subtleSanitarium.cmd

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

publish/subtleSanitarium.cmd

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

R908667946.zip
Size

444KB
MD5

216ea485c0b041da7f420656df46e294
SHA1

8c5bf25a39f4fee3ca27d1ef52ff3d699a4e7840
SHA256

6a3edbf94d91f31c8236bb86b0db665f3f36549de2bcd15b03ce4786c91f08b7
SHA512

956b93fb7502c49b1fe9d31c5efb1bbe92c3579f269f852a52e106a19b5dbe33082a301f011bc2772961fbe7f3547c40b4c9cc1f28000f7922600f1d7f5ac7cf
SSDEEP

6144:wRHJFGqN/47o1xrl47OtHFQnwOjxw9tZsyTw43kvVgqRF3SLRZV114ki1eyVu:Mpku/4cLBc4iGyuqV3FiLRZVycV

Score

N/A

Malware Config

Signatures

Files

R908667946.zip
.zip

Password: R871
Contract#8558.iso
.iso

Password: R871
Contract.lnk
.lnk
publish/depredating.txt
publish/devisors.dat
.dll windows x86

Password: R871

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
publish/grandparents.txt
publish/overtlyMadrid.vbs
.vbs
publish/purge.jpg
.jpg
publish/subtleSanitarium.cmd
publish/thrusters.txt

© 2018-2025

Terms | Privacy