General

  • Target: PC-798.iso
  • Size: 690KB
  • Sample: 221129-p4dbcsag99
  • MD5: 91552a5492cf6e9c4cce3392173d8c84
  • SHA1: 5cb98cec4dc831fe8c3e62ac4e1d2e43b432f4b6
  • SHA256: 3351388925f4f2804abd5216c06371042c5f89633937a1a80ec0cf7b532884b0
  • SHA512: 483a44e4c4fe93bc58b555289ee1312de454187598efe5da03c958b66b00144ba5bb6ffae8ca079675a56df6705284b601e26281bd45f288d32eb076a100cad0
  • SSDEEP: 12288:1m1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:2MFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Malware Config

Extracted

  • Family: qakbot
  • Version: 404.46
  • Botnet: BB08
  • Campaign: 1669628564

C2

Attributes

  • salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target: AS.js
    • Size: 132B
    • MD5: 36de50866faff5ba6a52e80a313153c4
    • SHA1: af6f8f62c01b6cd3b409ac9b0fb27d9973673757
    • SHA256: c93184ad6469b948e8ed17760c0baca9a3589bbbc91348d6526ee72ce009cc7d
    • SHA512: 59f19d56e3997f870f0471cc21a56a35cc119dd13a37a878e89caf025c5edb4b88a00431754534ba4fc6ac0ad637713fb157dab117d10afedc394d05866bafda
    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Target: fix/cheating.js
    • Size: 132B
    • MD5: 36de50866faff5ba6a52e80a313153c4
    • SHA1: af6f8f62c01b6cd3b409ac9b0fb27d9973673757
    • SHA256: c93184ad6469b948e8ed17760c0baca9a3589bbbc91348d6526ee72ce009cc7d
    • SHA512: 59f19d56e3997f870f0471cc21a56a35cc119dd13a37a878e89caf025c5edb4b88a00431754534ba4fc6ac0ad637713fb157dab117d10afedc394d05866bafda

    Score: 7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Target: fix/purveys.ps1
    • Size: 377B
    • MD5: 55087f66c4bca6179d168c15bd8b2a7c
    • SHA1: c473fb8ea0ca0afe187eb339c4bf0cd6aaff7e0f
    • SHA256: 94f086a1ba63dab1b2b4dcaf9af8ede015bb05015e071cfece02b3e01fbfadc3
    • SHA512: 7ae54fa738851b4ad72ccef4bf1c439c2aeddf33c177ca998e32382dd3a7099c7e224d45c0f9dd39111290784ce0fe924224e49b0e144d7ebe93d4bead5c9c27

    Score: 1/10

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 4

Tasks