Resubmissions

28-11-2022 19:10

221128-xvd6ashh56 10

28-11-2022 19:09

221128-xtsmashh23 10

28-11-2022 15:04

221128-sf2wlacc29 10

General

  • Target

    AH-703.iso

  • Size

    690KB

  • Sample

    221128-xtsmashh23

  • MD5

    af9275a091121de13eaed391a65b620b

  • SHA1

    17734a19fd3e944d207509bb1e178ad776651682

  • SHA256

    078d03f798ce2c658d0fc1267ba141e836ca618e136c8f01b778f1e8bfb3721b

  • SHA512

    33ce1006aab78e809380df98b9aa7f241953e377bdf826830485f0a0a28ae50798ba185c94e3fba0ea6cbb9ca69f882a21c7600b84c38002f4a46ce60ca0bc92

  • SSDEEP

    12288:nm1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:UMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2


Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      AH-703.iso

    • Size

      690KB

    • Score

      3/10

    • Target

      AS.js

    • Size

      143B

    • MD5

      7249f0cf1e44e8e7a3642e2bbb0c0b1f

    • SHA1

      49d2212ddc7444087928b7a4a2e2adb72febca85

    • SHA256

      02049dd1dce83d87edaa23656c4327af83be55f67f793afac7203ac4c12a76e9

    • SHA512

      b5b72aedc217c69ec6385f63575b8e0b77e35334ff673cf8a107b64f517bf762e8464da5c749c160576c26fa6b7198e62266dfd40d497daab3d535b7cee19296

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Target

      fix/adjutant.js

    • Size

      143B

    • MD5

      7249f0cf1e44e8e7a3642e2bbb0c0b1f

    • SHA1

      49d2212ddc7444087928b7a4a2e2adb72febca85

    • SHA256

      02049dd1dce83d87edaa23656c4327af83be55f67f793afac7203ac4c12a76e9

    • SHA512

      b5b72aedc217c69ec6385f63575b8e0b77e35334ff673cf8a107b64f517bf762e8464da5c749c160576c26fa6b7198e62266dfd40d497daab3d535b7cee19296

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      fix/data.txt

    • Size

      630KB

    • MD5

      be6d4df1763d3f91b6db17aa0eee9d07

    • SHA1

      3618ccdde4d819cdb211c496e9a7667eceb1d48a

    • SHA256

      6da554b8972aeb32e3e0629ccc8be44c2370ed98c000ecde1789dd84cd474ff7

    • SHA512

      f1cc1b4fc10819c85550bf7973021cec18c99cc749424224cb8572971e80ea055c9483d9d190556d768b81cf5efd0ab0c952260ad61d10a3e633d8686e97b238

    • SSDEEP

      12288:Im1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZDA:rMFEO6dHvDe0P335EXpUNSleQ2cYCGLx

    • Score

      1/10

    • Target

      fix/hypersensitiveness.ps1

    • Size

      372B

    • MD5

      66372a25352922e2fccd70bd7de22212

    • SHA1

      ab25a17b152e3eddf61e3e076194fa40ebafa972

    • SHA256

      072e68632cfb5a6db5f51cb84896b8f96827b18d81bedb858818e7d1ba46011f

    • SHA512

      0ce33acb0b2aa55b8514623ebd3c72707544507a68ffa75e414f5287aceb76b334cf08aafe2bcfba359ccda9e1cfc4acd760eaec4c3adf759575bee7f75687f2

    • Score

      1/10

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

5
T1082

Query Registry

2
T1012

Tasks