General

  • Target

    TY-756.iso

  • Size

    690KB

  • Sample

    221129-gva6msfe41

  • MD5

    ea858f5b14320acb51565911c234d576

  • SHA1

    a6724be4b2d904c4dd7c9241c239232096842137

  • SHA256

    82aa52c9627c7dba288dd49883864b45b99b182324cec1df938ecf23b56d4c9b

  • SHA512

    a466c0c7453495566b1029ed78ac77ab1ff2d51332a97db4a6b3cd7d5fd67e2dd42ecd4189b36dcc75180a086c31253e5ff50f47474387992142254bd44f711e

  • SSDEEP

    12288:Nm1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:OMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      AS.js

    • Size

      138B

    • MD5

      eea6049b9b99e426d7cec90efad09b2a

    • SHA1

      7431fd7b9ceff2ca3ccd6d57c4ddbd6072d97788

    • SHA256

      a1abe2c6dbccaaa6a04fbbc903043d2e2bb14e1534204ccbaf6b059ee754a2b0

    • SHA512

      2002bc44d80d8c38e6fd1cd6daeb550a0ebe502163cab58648473f68e30e2a976c5e12948fd7da074b01999f6c3aa463b9088e29d63a631c2ce4fd790b9c4208

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Loads dropped DLL

    • Target

      fix/unwatermarked.ps1

    • Size

      369B

    • MD5

      ee1dae7f9bc8d29ac9de9c0482413600

    • SHA1

      b8228275bd599badebaf9206f0328b2439f8599c

    • SHA256

      056deb6e3f5de68f9ae2b1ed11f7d3d398a3488387294937bebcb0f8f847b5c9

    • SHA512

      de24d1a6c95206d71ef0d75b1ea2f202b97ac168170809eab298be028c61374a989809e5ac0c6da84a3edd989a8dd166c21ac230e5c073e94181022886534b93

    • Score

      1/10

    • Target

      fix/veronica.js

    • Size

      138B

    • MD5

      eea6049b9b99e426d7cec90efad09b2a

    • SHA1

      7431fd7b9ceff2ca3ccd6d57c4ddbd6072d97788

    • SHA256

      a1abe2c6dbccaaa6a04fbbc903043d2e2bb14e1534204ccbaf6b059ee754a2b0

    • SHA512

      2002bc44d80d8c38e6fd1cd6daeb550a0ebe502163cab58648473f68e30e2a976c5e12948fd7da074b01999f6c3aa463b9088e29d63a631c2ce4fd790b9c4208

    • Score

      7/10

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012)

    2

  • System Information Discovery (T1082)

    4