OB76[.]zip | Triage

Submit
Reports

Overview

overview

Static

static

SK.js

windows7-x64

SK.js

windows10-2004-x64

manacle/wined.dll

windows7-x64

manacle/wined.dll

windows10-2004-x64

Resubmissions

18-11-2022 14:32

221118-rwm7psde3t 10

18-11-2022 14:26

221118-rrwchshe83 10

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

SK.js

Resource

win7-20220901-en

qakbot bb06 1668752705 banker stealer trojan

windows7-x64

9 signatures

600 seconds

Behavioral task

behavioral2

Sample

SK.js

Resource

win10v2004-20221111-en

qakbot bb06 1668752705 banker stealer trojan

windows10-2004-x64

10 signatures

600 seconds

Behavioral task

behavioral3

Sample

manacle/wined.dll

Resource

win7-20220812-en

qakbot bb06 1668752705 banker stealer trojan

windows7-x64

8 signatures

600 seconds

Behavioral task

behavioral4

Sample

manacle/wined.dll

Resource

win10v2004-20221111-en

qakbot bb06 1668752705 banker stealer trojan

windows10-2004-x64

8 signatures

600 seconds

General

Target

OB76.zip
Size

362KB
MD5

f860cc2f0664f9a86d87058f02aa8a42
SHA1

b37f6be3df4e13f0183ef586bba5e4a42924a675
SHA256

4153a179adec63180997585a07dcd08b374781ca73c3b649173976d3d0078b96
SHA512

64c434edb56d3d056d27b82d750054ea9a4011587e8f97cb3b4be8365b7fed6b25c6676de2920c9e01a0a091199b2b3c0da3e7b8788bd3f0be65f68070378c0b
SSDEEP

6144:ggFfJcxQP84hPdO+cDA9W1KcPmo4DryTFSX+5yBY9IF+g173Bqo5C2PzIvy88c:gg1JrP84hPdhcq0mokycuAuOxB3k2Pzo

Score

N/A

Malware Config

Signatures

Files

OB76.zip
.zip

Password: SK16
OB76.img
.iso .vbs

Password: SK16
SK.js
.js .vbs
data.txt
manacle/hinged.txt
manacle/unquestioningly.txt
manacle/wined.temp
.dll regsvr32 windows x86

Password: SK16

b121f840f8c504d34a3856981e588e27

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateFileA
FindClose
FindFirstFileA
FindNextFileA
GetFileAttributesA
GetFileSize
GetFileType
ReadFile
CloseHandle
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetCurrentThreadId
OpenThread
SuspendThread
MapViewOfFile
GetModuleFileNameA
CreateFileMappingA
CreateNamedPipeA
WaitNamedPipeA

Exports

Exports

DllRegisterServer

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy