General

  • Target

    FL-025.iso

  • Size

    690KB

  • Sample

    221129-1ckf5shf57

  • MD5

    f8f526322456cfcba2851cfce8a62e0b

  • SHA1

    07fb3852250e51b15f59f915dcdfaefd18687e96

  • SHA256

    b895f0b4930c131fc92942de00d891ceaf782402e5215e2afeaf95b22137f353

  • SHA512

    21f3a784b286b29b9fc638a6b5bd04f5579faf681f62001bf6367df792d1b269c7daf0c9fd53fdae0d600c53aa3d99e31f843d9eb8216f6dd4a41b6ac986e1e7

  • SSDEEP

    12288:3m1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:EMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.46

  • Botnet

    BB08

  • Campaign

    1669628564

  • C2

    98.147.155.235:443
    85.52.73.34:2222
    75.158.15.211:443
    2.91.184.252:995
    92.106.70.62:2222
    85.152.152.46:443
    86.159.48.25:2222
    217.128.91.196:2222
    92.11.189.236:2222
    83.92.85.93:443
    2.83.62.105:443
    93.24.192.142:20
    76.20.42.45:443
    24.64.114.59:2078
    73.36.196.11:443
    130.43.99.103:995
    172.117.139.142:995
    100.16.107.117:443
    12.172.173.82:22
    176.151.15.101:443

  • Attributes

    salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      AS.js

    • Size

      136B

    • MD5

      18fbbc8330d542279b90139845d6622e

    • SHA1

      0c6a9018e0ed2e43dce791a00789983520e6ff3c

    • SHA256

      3e478e3844dea92906e4b94165c0fe1325c3c6be20def2645248366a27618014

    • SHA512

      5b16a231cc17b2b8b7910047c55e13e393ff68318b009a2e6bbb102675f9da7dc8d916c3d816f932829cd0523f2f93ba9d1e7f27eccdfe06f33b31272cd9e884

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Target

      fix/speculating.ps1

    • Size

      371B

    • MD5

      bb7793ce425db431b720fb50f391cb97

    • SHA1

      fb517ddb22d112606ce8e37f7f104446b37559d8

    • SHA256

      c6ddc6d154447b822a719e91342e9d0f3e6254fccd733b847fd77c43d73927cd

    • SHA512

      caa200cd88a2a3b64079aa189c4d0d3275181bff20b907ab9802f0ca130937fb083a6701d4b939008b5bf74f5be4e81d975bff3822dee36f16d86d38977397c6

    • Score

      1/10

    • Target

      fix/vocabularian.js

    • Size

      136B

    • MD5

      18fbbc8330d542279b90139845d6622e

    • SHA1

      0c6a9018e0ed2e43dce791a00789983520e6ff3c

    • SHA256

      3e478e3844dea92906e4b94165c0fe1325c3c6be20def2645248366a27618014

    • SHA512

      5b16a231cc17b2b8b7910047c55e13e393ff68318b009a2e6bbb102675f9da7dc8d916c3d816f932829cd0523f2f93ba9d1e7f27eccdfe06f33b31272cd9e884

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry, T1012 (2)
    System Information Discovery, T1082 (4)
