Overview

overview

10

Static

static

AS.js

windows7-x64

10

AS.js

windows10-2004-x64

10

fix/bluffer.ps1

windows7-x64

1

fix/bluffer.ps1

windows10-2004-x64

1

fix/consumed.js

windows7-x64

3

fix/consumed.js

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NV-508.iso

  • Size

    690KB

  • Sample

    221129-vy4t1sab38

  • MD5

    7826b2203e3e98a13f4ed06d0ca39ee4

  • SHA1

    3b17ee803e75a02334459abb9b1176a004af8f3c

  • SHA256

    f2ea340a6eaa561e9fa571b190944ba053012f400c0bd82af7ce3d20507e2e2a

  • SHA512

    a63220989f98b2287577f1cd5eea39e39342fcb84868932a380f63df0ba5ecb967f3f07414e89fc2abf162b4cf6f595922cb3e695fb39b3e9445fe0ab04dc07f

  • SSDEEP

    12288:Um1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZDA:PMFEO6dHvDe0P335EXpUNSleQ2cYCGLx

Score
10/10
qakbotbb081669628564bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443
Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      AS.js

    • Size

      132B

    • MD5

      442247b350fdf14d8d5b14723769fddb

    • SHA1

      1c8336b65a320618fb863f3d8c3c9322cce0d0cf

    • SHA256

      17c790ef2945243bcda274f5a2f117efab6faf94fb394fc4fc97e79be0685dda

    • SHA512

      2d121c048c41aee30af107dcf7cb4fff77a2e54707b042339ea349b1fe00a8402fc18d52d5557d89840d04db92ee9681f344ebbe19d96b1489efff7e0f4b93c6

    Score
    10/10
    qakbotbb081669628564bankerstealertrojan

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      fix/bluffer.ps1

    • Size

      371B

    • MD5

      125800de40408e58ec84a8605554e7b0

    • SHA1

      8bd9500db14f4c9f1f4b77ed1b295f63b5ff28ec

    • SHA256

      73525b8463cea42ff3f528e718644d79b92c614976ef4d46d8a84b333c35eba7

    • SHA512

      5c9e34964d406995e714ae234f06e44b7a69fdc044cd9b20d396aa29af6ad792cedfa4f564babd28b4a191cd54dc5f054526b01f010ebf9249038dda67238b1e

    Score
    1/10
    behavioral3behavioral4

    • Target

      fix/consumed.js

    • Size

      132B

    • MD5

      442247b350fdf14d8d5b14723769fddb

    • SHA1

      1c8336b65a320618fb863f3d8c3c9322cce0d0cf

    • SHA256

      17c790ef2945243bcda274f5a2f117efab6faf94fb394fc4fc97e79be0685dda

    • SHA512

      2d121c048c41aee30af107dcf7cb4fff77a2e54707b042339ea349b1fe00a8402fc18d52d5557d89840d04db92ee9681f344ebbe19d96b1489efff7e0f4b93c6

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral5behavioral6

MITRE ATT&CK Enterprise v6

Tasks