General

  • Target: Details4373.iso
  • Size: 724KB
  • Sample: 221031-mw29eaafg3
  • MD5: c5c8f78c469c4f9eb90712e9b0214e4c
  • SHA1: 672a55028d94fe8983360323cd68445f3090b2ac
  • SHA256: 566a9acc2dc021dea88e87291b6a384066ac91b4b04cb4cb13dbe69287f982a9
  • SHA512: 11cf23e27632a16f650697009d51789c05656a376da535d70d7d5698a1d7a1bd52a55539211afe6e068201b0e216541aefd8496b965ff19ce166c0752f884b9b
  • SSDEEP: 12288:u3wdOcUwDOMHHCgOWeOaqdD/sblafl4M/8toGXJZ6diNjqo8Ywr6t57AKC:Ow4wrHHCgOWeOaqdclafl4eGXuiNZ8Y8

Malware Config

Extracted

  • Family: qakbot
  • Version: 404.2
  • Botnet: BB04
  • Campaign: 1666863946
  • C2

Attributes

  • salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target: Details.lnk
    • Size: 1KB
    • MD5: 650ab02e3958983f7f94f53f5f7577ad
    • SHA1: 67f7feb7162ed825e27c69d36435fa9976fddd75
    • SHA256: 6793028a0e990e74e4283d13a1ca3f4f41f3917eb38ce43b9baebe8e040b4ee2
    • SHA512: ea96c138ea9d262df35e0d70af6531e1a6246796e5ee4118718555ff88af7c76fc92dc40b1c4ea015772cd2c18fb95d6eb9d7200ab5e07b2ec09482a46b80c06

    • Qakbot/Qbot: Qbot or Qakbot is a sophisticated worm with banking capabilities.
    • Executes dropped EXE
    • Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
    • Loads dropped DLL

    • Target: disallowable/missives.cmd
    • Size: 384B
    • MD5: cc23679a6d228423e5425de92a61818f
    • SHA1: b44361210f5717575cacd871deda59ae14bb052a
    • SHA256: 0d54088373e1d0ff51f7f9b90ddaf3cc2c973dc7d5b1d5b5ef18a2e496a1059e
    • SHA512: c404ed7fffd1c0a62aef71b840b357d9044e16a73ab452b7dc5600d2cb8d25e5c4b152cbbdb461aecaa90ae76e3dfa9a3a9ff72a687116c64da9d379dbf6191d
    • Score: 1/10

    • Target: disallowable/unstrap.dat
    • Size: 422KB
    • MD5: a989f5efe8fa1653bb98b7c2265900af
    • SHA1: f5925cf7d38626d13694ef180e811f25ae583cf6
    • SHA256: 5679c1eedb7d456cd5dd32cba5bed141787d354a384f4961f16bd96eb2ea383b
    • SHA512: b8af781775c310ae4442d6d3f766b86e196da277e3ed1496e47d2103f469c42f4d74df917811cc505eb1c9ff3063ceee5257041ebd3018ce27260d85cef62c0c
    • SSDEEP: 12288:eqdD/sblafl4M/8toGXJZ6diNjqo8Ywr6t57AKC:eqdclafl4eGXuiNZ8Ye6c