General

  • Target

    YA-937.iso

  • Size

    690KB

  • Sample

    221130-swfcjacb75

  • MD5

    a0aa547fe62db6c3c511b735101b10d7

  • SHA1

    d8863288902a6a7d8b82c2bd6d6d8e4af4378b9a

  • SHA256

    54440a947827c398fe561a4fa0dda5b60bc21b966566b6bd1ecdb71b40f97bed

  • SHA512

    14b45759775c4f75675ee0027d15d7d8ce49bf6814655806c32678be6e6dfac56a4f2432be2d079a64885270ccfd11140e1c130697a2898231524cb772de8e81

  • SSDEEP

    12288:mm1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:VMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.46

  • Botnet

    BB08

  • Campaign

    1669628564 (Unix epoch, i.e. 2022-11-28 09:42:44 UTC)

  • C2 (ip:port)

    98.147.155.235:443
    85.52.73.34:2222
    75.158.15.211:443
    2.91.184.252:995
    92.106.70.62:2222
    85.152.152.46:443
    86.159.48.25:2222
    217.128.91.196:2222
    92.11.189.236:2222
    83.92.85.93:443
    2.83.62.105:443
    93.24.192.142:20
    76.20.42.45:443
    24.64.114.59:2078
    73.36.196.11:443
    130.43.99.103:995
    172.117.139.142:995
    100.16.107.117:443
    12.172.173.82:22
    176.151.15.101:443

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP
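The extracted config above is only useful once it is turned into something a detection pipeline can consume. The following Python is an added example, not part of the sandbox report: it parses the C2 list (copied verbatim from the config), converts the campaign epoch to a UTC timestamp, emits one Suricata rule per C2 endpoint, and checks a few constructed firewall log lines for connections to the C2 set. The log lines, the log format, the SID range and the rule message text are assumptions made for the demo; matching is on ip and port together, because Qakbot uses the same host on unusual ports and a bare-IP match would also fire on unrelated traffic to those hosts.

```python
"""Turn the extracted Qakbot config into actionable IOCs.

Added example, not the sandbox report's own code. The C2 list is
copied from the extracted config; everything else (log format, SIDs,
sample logs) is constructed for the demo.
"""
import ipaddress
import re
from datetime import datetime, timezone

# C2 list copied verbatim from the extracted config (ip:port per line).
C2_TEXT = """
98.147.155.235:443
85.52.73.34:2222
75.158.15.211:443
2.91.184.252:995
92.106.70.62:2222
85.152.152.46:443
86.159.48.25:2222
217.128.91.196:2222
92.11.189.236:2222
83.92.85.93:443
2.83.62.105:443
93.24.192.142:20
76.20.42.45:443
24.64.114.59:2078
73.36.196.11:443
130.43.99.103:995
172.117.139.142:995
100.16.107.117:443
12.172.173.82:22
176.151.15.101:443
"""

# Constructed firewall log lines for the demo (not taken from the report).
# The last line hits a C2 host but on a port the config does not list.
SAMPLE_LOGS = [
    "2022-11-30T10:01:02Z action=allow src=10.20.1.15 dst=85.52.73.34 dport=2222 proto=tcp",
    "2022-11-30T10:01:05Z action=allow src=10.20.1.15 dst=142.250.74.46 dport=443 proto=tcp",
    "2022-11-30T10:02:11Z action=allow src=10.20.1.22 dst=93.24.192.142 dport=20 proto=tcp",
    "2022-11-30T10:02:40Z action=allow src=10.20.1.22 dst=93.24.192.142 dport=21 proto=tcp",
]

C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
LOG_RE = re.compile(r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def parse_c2(text):
    """Return a list of (ip, port) tuples; malformed entries raise rather than being skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = C2_RE.match(line)
        if not m:
            raise ValueError(f"unexpected C2 entry: {line!r}")
        ip = ipaddress.ip_address(m.group(1))  # validates each octet
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError(f"bad port in C2 entry: {line!r}")
        entries.append((str(ip), port))
    return entries


def campaign_time(epoch):
    """Qakbot's campaign value is a Unix timestamp; render it as UTC ISO-8601."""
    return datetime.fromtimestamp(int(epoch), tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def suricata_rules(c2, sid_base=9000001, msg="Qakbot BB08 C2"):
    """One alert rule per C2 endpoint; sid_base and msg are demo choices."""
    rules = []
    for i, (ip, port) in enumerate(c2):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} (msg:"{msg} {ip}:{port}"; '
            f"flow:to_server; classtype:trojan-activity; sid:{sid_base + i}; rev:1;)"
        )
    return rules


def match_logs(c2, lines):
    """Return the log lines whose dst and dport together appear in the C2 set."""
    c2_set = set(c2)
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and (m["dst"], int(m["dport"])) in c2_set:
            hits.append(line)
    return hits


if __name__ == "__main__":
    c2 = parse_c2(C2_TEXT)
    print("campaign:", campaign_time(1669628564))
    for rule in suricata_rules(c2):
        print(rule)
    for hit in match_logs(c2, SAMPLE_LOGS):
        print("HIT", hit)
```

Run it as a script to see the rules and the two hits. Embedded C2 lists like this one go stale quickly, so the value of the script is in the parsing and matching logic, which can be re-run against the config extracted from the next sample.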

Targets

    • Target

      AS.js

    • Size

      130B

    • MD5

      6ab3b89d6faf74ab79106ab398847eac

    • SHA1

      6344745f6912f6bb595120aea452a28abdea97fe

    • SHA256

      63291a88c8c4a38a2841cc4830627d267bc26b7916089c95f2a8035d121ecb06

    • SHA512

      4060fa17d8b5926ba3bfcb568a1d7aca4b45cde1b8ea278fe49d334041479aa91342eaaf4879ff476bfeb731f5bd37aea4d380de54c4ab900a32c6f45c8c5b44

    • Qakbot/Qbot

      Qbot (also written Qakbot) is a sophisticated banking trojan with worm-like lateral-movement capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely used as a geofence.

    • Loads dropped DLL

    • Target

      fix/sidetracks.js

    • Size

      130B

    • MD5

      6ab3b89d6faf74ab79106ab398847eac

    • SHA1

      6344745f6912f6bb595120aea452a28abdea97fe

    • SHA256

      63291a88c8c4a38a2841cc4830627d267bc26b7916089c95f2a8035d121ecb06

    • SHA512

      4060fa17d8b5926ba3bfcb568a1d7aca4b45cde1b8ea278fe49d334041479aa91342eaaf4879ff476bfeb731f5bd37aea4d380de54c4ab900a32c6f45c8c5b44

      (Byte-identical to AS.js above: same size and the same MD5, SHA1, SHA256 and SHA512.)

    Score
    7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely used as a geofence.

    • Target

      fix/towns.ps1

    • Size

      370B

    • MD5

      2d33ee6df4ad25af1dd4df34d7c7f715

    • SHA1

      5db65e6ee9ff25dfb7f711fc5ea56fc9c7260286

    • SHA256

      1e694e48344970fa246cae82fb4be66a6674864cfcf068e250cd00e90e8fb903

    • SHA512

      3d1f1c3fea48ac907a8cab0d26e307aa85f7f32b1481cb2966eb69c26b9afb8d53a576e175494dd7c57c11daaeae9f7cf8661bec79374257de8694f589891836

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry

    T1012 (2)

  • System Information Discovery

    T1082 (4)

Tasks