General

  • Target

    SC-021.iso

  • Size

    690KB

  • Sample

    221129-2fh8xsgg5y

  • MD5

    f36acb858372df6a362c22152cef78b5

  • SHA1

    39548fe67712557065ec723ced970a33d20c1a7c

  • SHA256

    f62984bb86f8fe6e6561444f99d2929ff21ad8e14d73b52e7d435a2a72ea9ec9

  • SHA512

    b5dda824a0ddff367e2ee5efc0a6c995d4de6cb8e88e502eee9fe53ef712e8aeac82b423cac0c7bf875197cda93ddd5c414119fe28a528afcca926c4a721100e

  • SSDEEP

    12288:Dm1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:IMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.46

  • Botnet

    BB08

  • Campaign

    1669628564 (Unix timestamp: 2022-11-28 09:42:44 UTC)

  • C2

    98.147.155.235:443
    85.52.73.34:2222
    75.158.15.211:443
    2.91.184.252:995
    92.106.70.62:2222
    85.152.152.46:443
    86.159.48.25:2222
    217.128.91.196:2222
    92.11.189.236:2222
    83.92.85.93:443
    2.83.62.105:443
    93.24.192.142:20
    76.20.42.45:443
    24.64.114.59:2078
    73.36.196.11:443
    130.43.99.103:995
    172.117.139.142:995
    100.16.107.117:443
    12.172.173.82:22
    176.151.15.101:443

  • Attributes

    salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP
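The extracted config is only useful once it is turned into something a detection or blocking stack can consume. The following Python is an added example (editor's code, not part of the sandbox report and not Qakbot tooling): it embeds the twenty C2 endpoints, the botnet ID and the campaign value from this page, decodes the campaign Unix timestamp, validates each endpoint, tallies the ports (note the entries on 20 and 22, which blend into FTP and SSH traffic if you filter on port alone), emits one Suricata rule per endpoint, and matches a constructed connection sample against the set. The SID range and the sample flows are assumptions, not data from the report.

```python
"""Post-process the Qakbot config from this report into actionable artifacts.

Added example (editor's code, not part of the sandbox report): decodes the
campaign timestamp, validates the extracted C2 list, summarises the ports in
use, emits Suricata rules, and matches a constructed connection log against
the C2 set.
"""
from __future__ import annotations

import ipaddress
from collections import Counter
from datetime import datetime, timezone

# Values copied verbatim from the report's "Malware Config" section.
BOTNET = "BB08"
CAMPAIGN_EPOCH = 1669628564
C2_RAW = """
98.147.155.235:443 85.52.73.34:2222 75.158.15.211:443 2.91.184.252:995
92.106.70.62:2222 85.152.152.46:443 86.159.48.25:2222 217.128.91.196:2222
92.11.189.236:2222 83.92.85.93:443 2.83.62.105:443 93.24.192.142:20
76.20.42.45:443 24.64.114.59:2078 73.36.196.11:443 130.43.99.103:995
172.117.139.142:995 100.16.107.117:443 12.172.173.82:22 176.151.15.101:443
""".split()

# Assumption: a local SID range that does not collide with your existing ruleset.
SID_BASE = 9_000_000

# Constructed sample of outbound flows (src, dst, dport); not taken from the report.
SAMPLE_CONNECTIONS = [
    ("10.0.0.5", "98.147.155.235", 443),   # hit: first C2 in the list
    ("10.0.0.5", "142.250.74.36", 443),    # ordinary HTTPS, not in the list
    ("10.0.0.9", "12.172.173.82", 22),     # hit: C2 on port 22, looks like SSH
    ("10.0.0.9", "98.147.155.235", 80),    # same IP, wrong port: not a match
]


def campaign_time(epoch: int) -> str:
    """The 'campaign' field is a Unix timestamp; render it in UTC."""
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")


def parse_c2(entries: list[str]) -> tuple[list[tuple[str, int]], list[str]]:
    """Validate host:port strings and return (accepted, rejected).

    An entry is rejected when the host is not an IP address, the port is out
    of range, or the address is not globally routable (private, loopback or
    reserved space would only produce noisy rules).
    """
    accepted: set[tuple[str, int]] = set()
    rejected: list[str] = []
    for raw in entries:
        host, _, port = raw.rpartition(":")
        try:
            ip = ipaddress.ip_address(host)
            port_n = int(port)
        except ValueError:
            rejected.append(raw)
            continue
        if not ip.is_global or not 1 <= port_n <= 65535:
            rejected.append(raw)
            continue
        accepted.add((str(ip), port_n))
    # Sort numerically by address, then port, so rule SIDs are stable across runs.
    ordered = sorted(accepted, key=lambda t: (ipaddress.ip_address(t[0]), t[1]))
    return ordered, rejected


def ports_in_use(c2: list[tuple[str, int]]) -> dict[int, int]:
    """Count C2 entries per destination port."""
    return dict(Counter(port for _, port in c2))


def suricata_rules(c2: list[tuple[str, int]], botnet: str, sid_base: int = SID_BASE) -> list[str]:
    """One outbound-connection rule per C2 endpoint, pinned to both IP and port."""
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"Qakbot {botnet} C2 {ip}:{port}"; flow:to_server,established; '
        f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        for i, (ip, port) in enumerate(c2)
    ]


def match_connections(conns, c2: list[tuple[str, int]]):
    """Return the flows whose (dst, dport) pair is a known C2 endpoint."""
    lookup = set(c2)
    return [c for c in conns if (c[1], c[2]) in lookup]


if __name__ == "__main__":
    c2, bad = parse_c2(C2_RAW)
    print(f"botnet {BOTNET}, campaign built {campaign_time(CAMPAIGN_EPOCH)}")
    print(f"{len(c2)} C2 endpoints accepted, {len(bad)} rejected; ports: {ports_in_use(c2)}")
    for rule in suricata_rules(c2, BOTNET):
        print(rule)
    for src, dst, dport in match_connections(SAMPLE_CONNECTIONS, c2):
        print(f"ALERT {src} -> {dst}:{dport} matches {BOTNET} C2")
```

The rules pin both address and port on purpose: a destination IP alone is a weak indicator here, because Qakbot's first-tier C2 addresses are typically compromised residential hosts whose addresses churn, and a bare IP match on port 80 would fire on unrelated traffic to the same host.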

Targets

    • Target

      AS.js

    • Size

      132B

    • MD5

      e4b045643144ce372ce2d9690aa473a2

    • SHA1

      21d8dac865b960715f88143bf56471d559d51a89

    • SHA256

      fc54b39580668781ba52d9147427f1baf6fba8c0db4bbbf14e840c63a3663139

    • SHA512

      9e9d39ab52eedb138fd7ee977c84e3ebebe9c041a5dfd4b5183825b05ce21e900d70c098545489544156071450e93f282f9f011ffadca60b344aba61f614a0b8

    • Qakbot/Qbot

      Qbot (Qakbot) is a modular banking trojan and malware loader with worm-like self-propagation capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that decides whether the sample runs on this victim.

    • Loads dropped DLL

    • Target

      fix/geodesy.js (same size and hashes as AS.js above: the two targets are one identical file)

    • Size

      132B

    • MD5

      e4b045643144ce372ce2d9690aa473a2

    • SHA1

      21d8dac865b960715f88143bf56471d559d51a89

    • SHA256

      fc54b39580668781ba52d9147427f1baf6fba8c0db4bbbf14e840c63a3663139

    • SHA512

      9e9d39ab52eedb138fd7ee977c84e3ebebe9c041a5dfd4b5183825b05ce21e900d70c098545489544156071450e93f282f9f011ffadca60b344aba61f614a0b8

    • Score

      7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that decides whether the sample runs on this victim.

    • Target

      fix/various.ps1

    • Size

      371B

    • MD5

      2a0113349023c250170e7ae272c13694

    • SHA1

      35204b716f8373c7f3190d68cef81889b6614ae2

    • SHA256

      96946454f60b15d195e38903f477ff25aa9b1af13597f7cadc116e2a2ca5e0e9

    • SHA512

      ae2d9a9598db5beef537e25d20f4cb529769911d85286168a68e61bd04c7c1d941179ac496e067acf6808a53933d81adf104f799f3597e08c632afca29e05bf5

    • Score

      1/10

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 4

Tasks