General

  • Target

    VV1781.iso

  • Size

    790KB

  • Sample

    221025-nlkr2scecq

  • MD5

    8ed43963842e7787f4343dcd687d5bca

  • SHA1

    c471fd7ac41954ae153a80b3ac6a9ff4d8348e88

  • SHA256

    2ea4a463ee898710a67ec26f9c27e86c211b2fb8f7ed79e4926bb19119e9402c

  • SHA512

    808fc1f13a0e6ed91419dc7f025bcc556c0392ba7c704f1735f7d56b6c6a13f21d26b3413ff3e80ebde6967e11e50941c0c9d03e281a8947d2145a8b6a6125f8

  • SSDEEP

    12288:xZvx07iKfDISZYRobaZ0UrIBfUQ0eIFM4W+QnwldJOCP6HlD5:xta1DjZBBAgdIM4K6dMCSHl

Malware Config

Extracted

  • Family

    qakbot

  • Version

    403.1051

  • Botnet

    BB04

  • Campaign

    1666691039

  • C2

    181.164.194.228:443
    24.116.45.121:443
    190.74.248.136:443
    24.206.27.39:443
    27.110.134.202:995
    2.88.206.121:443
    71.199.168.185:443
    200.233.108.153:995
    198.2.51.242:993
    172.117.139.142:995
    70.115.104.126:443
    144.202.15.58:443
    190.24.45.24:995
    24.9.220.167:443
    58.247.115.126:995
    193.3.19.137:443
    45.230.169.132:995
    68.62.199.70:443
    43.241.159.238:443
    113.162.196.232:443

  • Attributes

    • salt

      SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      VV.lnk

    • Size

      1KB

    • MD5

      6a1d4c9d6e0460cd4798b46e69c18db8

    • SHA1

      6fee76fbaa4258205f73a622d1ba51bb35e655c2

    • SHA256

      9484e3d6cceeb6851d2d65b8939df4c3ac0b078d915989d545b8368dbdcc76b3

    • SHA512

      c3bfcde135c025ddc3fee73dfee892ed94b0970976354194f684f88edb8e819c9bac3e3ad2c256ffe71fd47a29b72ecc704f7a3932d9698465e78505a829bacc

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Target

      lab/competitive.dat

    • Size

      728KB

    • MD5

      29e572000dd232365c4ce9566d220c9a

    • SHA1

      e697100ecf834a599c95ec71d33c1f5e52b18b02

    • SHA256

      0ec25b0db6bd1466458d898121de430e110ff3bcb870afac634240de027ab43a

    • SHA512

      b7ef29208a22c44fd3b6b9c848b78486bcd6b48b98cef65e9019cfcb3e9fb400d2c105b5e9ccf9a99ea2fba91ba7ddaf1277a1f544a8dbba12cbba2973bddc30

    • SSDEEP

      12288:9Zvx07iKfDISZYRobaZ0UrIBfUQ0eIFM4W+QnwldJOCP6HlD5:9ta1DjZBBAgdIM4K6dMCSHl

    • Target

      lab/greenery.cmd

    • Size

      615B

    • MD5

      62748e23ce2d9e3f2bdb1f4ad22d8517

    • SHA1

      e3ea7c9eaafbeb0bf4a52a8c3fcc50c238c76d6c

    • SHA256

      496a9788bcf096f47e9dc82c7e3a2c1d3d713247bb99c2a4f9d9cb4093a37ce9

    • SHA512

      d93e1b14b3d31606f1dc04e9f42f4aff4609714506f734bd4e8fdb9594c89f54df9c60ecd1129a95872fc4b42571e3eca43cda53f602d3fa298877b0d42dd3f7

    • Score

      1/10

MITRE ATT&CK Enterprise v6

Tasks