General

  • Target: WS-423.iso
  • Size: 690KB
  • Sample: 221129-j99nvsbh79
  • MD5: 62130665f7d951d5d79ffbfce88dcc85
  • SHA1: dc54621fc66e6b314e5ab3ebd3704cc2de62ee8a
  • SHA256: cadc4b5d3da925f221cfb090fea16485be53f6e070d2181886380b10f082830a
  • SHA512: 3a328365321bb87d36d73738bfd20056b27fcc816d4b556d88cda87eb120f6cd63387e5b2bcf79161a90a6a7222e508e2f79e49c5d68e633ceb6b758acbe1319
  • SSDEEP: 12288:Ym1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:bMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Malware Config

Extracted

  • Family: qakbot
  • Version: 404.46
  • Botnet: BB08
  • Campaign: 1669628564
  • C2


Attributes

  • salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

  • Target: AS.js
    Size: 134B
    MD5: 2aa3c40df6f891e2e7dffa367b141a3c
    SHA1: 8af7beca046de11e381264f743db534200a54f15
    SHA256: 4cf5a64266417d67650078a62f3f89874c418d152f963f7b04a86137c32538b3
    SHA512: b12fd7eb357a60eeea6277718ce2adf92c859660e265f3a78bed00d87897da0901362a2ece470ed977fdf89e024322a4cff4cbe621b243cb9574bd2dab771ee8

      • Qakbot/Qbot: Qbot or Qakbot is a sophisticated worm with banking capabilities.
      • Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
      • Loads dropped DLL

  • Target: fix/catechism.ps1
    Size: 374B
    MD5: bf2437ef024bd621ba8e748186588e3a
    SHA1: ba5d13ad4ff7826da49eb5af902d5654c9f7853d
    SHA256: cb1e267954a684aa76d838aa4ff80235feb94fb7bb70116cd2d400a2fb8072e3
    SHA512: 3a81841d66e877baa7142b3548aa73b30befc3432150db912c0288fbaa87c1a00411c302e6cd5129735d1bceb3a3635bce4b34f7191a8a587928127e093069ef
    Score: 1/10

  • Target: fix/folksongs.js
    Size: 134B
    MD5: 2aa3c40df6f891e2e7dffa367b141a3c
    SHA1: 8af7beca046de11e381264f743db534200a54f15
    SHA256: 4cf5a64266417d67650078a62f3f89874c418d152f963f7b04a86137c32538b3
    SHA512: b12fd7eb357a60eeea6277718ce2adf92c859660e265f3a78bed00d87897da0901362a2ece470ed977fdf89e024322a4cff4cbe621b243cb9574bd2dab771ee8
    Score: 7/10

      • Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 4

Tasks