J9[.]zip | Triage

Submit
Reports

Overview

overview

Static

static

SK.js

windows7-x64

SK.js

windows10-2004-x64

manacle/wined.dll

windows7-x64

manacle/wined.dll

windows10-2004-x64

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

SK.js

Resource

win7-20220812-en

qakbot bb06 1668752705 banker stealer trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

SK.js

Resource

win10v2004-20221111-en

qakbot bb06 1668752705 banker stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

manacle/wined.dll

Resource

win7-20220812-en

qakbot bb06 1668752705 banker stealer trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral4

Sample

manacle/wined.dll

Resource

win10v2004-20221111-en

qakbot bb06 1668752705 banker stealer trojan

windows10-2004-x64

4 signatures

150 seconds

General

Target

J9.zip
Size

362KB
MD5

190c786bca1bd89e856f2760c33596bc
SHA1

dceb758742fa6eec6e9ae98e2dbcfdf8b7a4a0c1
SHA256

3b82d74f50dc7ebf5236aa37ecd6d70229715a8b3ae79562100a7d3b7905919c
SHA512

83f1157d30490dde4a27c81ee5c28a6e3903ee0f07936a6de72654d50d935f82bf24e9590c26c33bb4c39244faffcc3abb753e52de1cef4185e814ad54b9b463
SSDEEP

6144:OgFfJcxQP84hPdO+cDA9W1KcPmo4DryTFSX+5yBY9IF+g173Bqo5C2PzIvy886:Og1JrP84hPdhcq0mokycuAuOxB3k2PzO

Score

N/A

Malware Config

Signatures

Files

J9.zip
.zip

Password: SK16
OB76.zip
.zip

Password: SK16
OB76.img
.iso .vbs

Password: SK16
SK.js
.js .vbs
data.txt
manacle/hinged.txt
manacle/unquestioningly.txt
manacle/wined.temp
.dll regsvr32 windows x86

Password: SK16

b121f840f8c504d34a3856981e588e27

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateFileA
FindClose
FindFirstFileA
FindNextFileA
GetFileAttributesA
GetFileSize
GetFileType
ReadFile
CloseHandle
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetCurrentThreadId
OpenThread
SuspendThread
MapViewOfFile
GetModuleFileNameA
CreateFileMappingA
CreateNamedPipeA
WaitNamedPipeA

Exports

Exports

DllRegisterServer

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy