General

  • Target

    AE-659.iso

  • Size

    690KB

  • Sample

    221129-w28g2sgg2w

  • MD5

    1a36c8010a7877c1fbead119b8d47325

  • SHA1

    c80e0f2e8822e20b62b74e49168fe3be1a4c83fa

  • SHA256

    8ed594f6276e78b7321890c38bccff5dca13597fa5e8423be18e81f3c72919af

  • SHA512

    46213d9d9b16af2871cb28114268dcf21767a335e10408f2648d1b83589edc7ab737ca19c8540aa21936273ee0c9e939bf2c06504a53f5f353498d4bba4581f5

  • SSDEEP

    12288:dm1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:+MFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.46

  • Botnet

    BB08

  • Campaign

    1669628564

  • C2


Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      AS.js

    • Size

      134B

    • MD5

      b364c9ac8e0adeaa81e135a5448a1940

    • SHA1

      b4c115dd73c47903d85440e6b6d531c53c6b4f55

    • SHA256

      68c54eb8b935d327becbf30b8fe50bfaa611a20354e5374b054d0b6911df205e

    • SHA512

      8aeea4a850aed3224332d0e084f940905ea23aa35b2a63347562b7fadd07c128d327fa7b54876ea5d609a59d648ee3e096a185c6345e7d59df1a2a15e770ef93

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Target

      fix/gladdened.ps1

    • Size

      379B

    • MD5

      3f5800c85c0a305af972ace498773080

    • SHA1

      2c83d69e8731b2b4404bbde79810c209a9e9d1df

    • SHA256

      488f0467369043028cf5985fc169ed252cfbc3f0c5d36729f4887793ddba16d3

    • SHA512

      864936b007ef8a885da395b0a17a94945a1edf21e7a8c31229249921b59b99a481981b2b4feef8cd45baa0e90319ec4a5751cf37628287a80aed45c96128a7f0

    • Score

      1/10

    • Target

      fix/verdi.js

    • Size

      134B

    • MD5

      b364c9ac8e0adeaa81e135a5448a1940

    • SHA1

      b4c115dd73c47903d85440e6b6d531c53c6b4f55

    • SHA256

      68c54eb8b935d327becbf30b8fe50bfaa611a20354e5374b054d0b6911df205e

    • SHA512

      8aeea4a850aed3224332d0e084f940905ea23aa35b2a63347562b7fadd07c128d327fa7b54876ea5d609a59d648ee3e096a185c6345e7d59df1a2a15e770ef93

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry

    T1012 (2)

  • System Information Discovery

    T1082 (4)

Tasks