General

  • Target: WR-679.iso
  • Size: 101.2MB
  • Sample: 221130-v4htqsba39
  • MD5: 4da3e2d9b1ba57546d05b51e52eace47
  • SHA1: e5ca6a04754c9fd40f7097b011aa70f4b2da5780
  • SHA256: 2f49265797c7b7452ff754a178995629fbbe1a371873f505dae15ccfe218b170
  • SHA512: 6b4e9de197dbd7b1467cc83abdb881e02db46befc539339a7e0596c1d701b906782831d57e11fef168ef8a28439fc4b062651343447d7baa73274237dd354cda
  • SSDEEP: 24576:GIfK3N4K+aqMjmz/WdxrN81BW9pBBuWb:Gr5CMjqAxCW9pBBuWb

Malware Config

Extracted

Family: qakbot
Version: 404.46
Botnet: BB08
Campaign: 1669628564

C2


Attributes
  • salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target: BF.vbs
    • Size: 179B
    • MD5: d8ab48bc5170122c8acb023c638a66c8
    • SHA1: 2a30177c521710a139b57216415cecb85efb2e58
    • SHA256: d2f7c74338d0e10042aeeec59f209762bbd131cbdb284ff731d0384de2a1ac7c
    • SHA512: ef9ce632e556acbcf56617ec623df80a2276a679fd8a7cbb294eb3eae93524772dcdfe4ca0860a9c7d62b41e45353454e2e95ddd0c3c92bbe54ba1d7e966122c
    • Qakbot/Qbot: Qbot or Qakbot is a sophisticated worm with banking capabilities.
    • Checks computer location settings: Looks up country code configured in the registry, likely geofence.
    • Loads dropped DLL

    • Target: teased/brisk.vbs
    • Size: 179B
    • MD5: d8ab48bc5170122c8acb023c638a66c8
    • SHA1: 2a30177c521710a139b57216415cecb85efb2e58
    • SHA256: d2f7c74338d0e10042aeeec59f209762bbd131cbdb284ff731d0384de2a1ac7c
    • SHA512: ef9ce632e556acbcf56617ec623df80a2276a679fd8a7cbb294eb3eae93524772dcdfe4ca0860a9c7d62b41e45353454e2e95ddd0c3c92bbe54ba1d7e966122c

    Score: 7/10
    • Checks computer location settings: Looks up country code configured in the registry, likely geofence.

    • Target: teased/streetcar.ps1
    • Size: 360B
    • MD5: 8b1705dace1204fca00b08d30c674986
    • SHA1: c2671acb6149ea7525fa1360d167aabd249671d7
    • SHA256: af90b3709a27e3f1600cf587fcf839c7a01ccd970c4ede68d0ae5dab493f49fa
    • SHA512: 4503e5675c53aaa32559e1ceac3f9ee7be17a020ffdff2ef54f699db3ba5334ee20406060bf4082be3df399b6f0470d7db6e4049fa896e5b590b587f540b5442

    Score: 1/10

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry (T1012): 2

System Information Discovery (T1082): 4

Tasks