Agreement_PHJ80[.]iso | Triage

Submit
Reports

Overview

overview

Static

static

Agreement.js

windows7-x64

Agreement.js

windows10-2004-x64

data.txt

windows7-x64

1

data.txt

windows10-2004-x64

1

debunked/b...ht.dll

windows7-x64

debunked/b...ht.dll

windows10-2004-x64

debunked/helixes.txt

windows7-x64

1

debunked/helixes.txt

windows10-2004-x64

1

debunked/intrepid.txt

windows7-x64

1

debunked/intrepid.txt

windows10-2004-x64

1

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

Agreement.js

Resource

win7-20221111-en

qakbot obama223 1668757345 banker stealer trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

Agreement.js

Resource

win10v2004-20221111-en

qakbot obama223 1668757345 banker stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

data.txt

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral4

Sample

data.txt

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral5

Sample

debunked/backlight.dll

Resource

win7-20220812-en

qakbot obama223 1668757345 banker stealer trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral6

Sample

debunked/backlight.dll

Resource

win10v2004-20220812-en

qakbot obama223 1668757345 banker stealer trojan

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral7

Sample

debunked/helixes.txt

Resource

win7-20221111-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral8

Sample

debunked/helixes.txt

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral9

Sample

debunked/intrepid.txt

Resource

win7-20220901-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral10

Sample

debunked/intrepid.txt

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

Agreement_PHJ80.iso
Size

662KB
MD5

c640f8bfe8a37062bbf8be1a7d12e4c4
SHA1

23facb20ba47678cff2b2eb2be53856d566e1ed5
SHA256

9bc744e3d3ddcca24a8dd61ac04c1a8e87eea8c5fc2fb245d96759b29ebd7209
SHA512

ecb61ccfc28be28887e1c50425f6df882d46b161b84164e868f1c9b1a52b1a5cfc897ac0ab9b0101e980196c860d76d2d9bafd0f0baf8a3b981382495d02b89b
SSDEEP

12288:oN/6E1YF7P01JSdCLjqa/9nNdMxgligH8QLxwOQH:oN/6VP0/Ssfh9nUMFLxSH

Score

N/A

Malware Config

Signatures

Files

Agreement_PHJ80.iso
.iso .vbs
Agreement.js
.js .vbs
data.txt
debunked/backlight.temp
.dll regsvr32 windows x86

b121f840f8c504d34a3856981e588e27

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateFileA
FindClose
FindFirstFileA
FindNextFileA
GetFileAttributesA
GetFileSize
GetFileType
ReadFile
CloseHandle
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetCurrentThreadId
OpenThread
SuspendThread
MapViewOfFile
GetModuleFileNameA
CreateFileMappingA
CreateNamedPipeA
WaitNamedPipeA

Exports

Exports

DllRegisterServer

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
debunked/helixes.txt
debunked/intrepid.txt

© 2018-2024

Terms | Privacy