General

  • Target

    IS-631.zip

  • Size

    498KB

  • Sample

    221130-v6kq4sdh6x

  • MD5

    c92fab03be6f978fdaeefc03b5ea6e9c

  • SHA1

    ac739eeeee55d56fbc0ed892cd857a3f82b84e8d

  • SHA256

    8a947b74dc7aa05f98851a8a62e71e983cee37d32d18a7ba1e1e5cb357e830c2

  • SHA512

    14d93ee945f66a699f271839db8c5fa9098c0f6fa63381b0a0c0bf46e1206d43eb4dc5211072ee89b29be68e22128cb7f63af3b3cacccddba1f23d15c2811355

  • SSDEEP

    12288:JWWA2ou0g1wLBXk9VyqAWAa9Ai745kQwhcnTa0u0b:JWWA2zR6LByKWAX44XwqeKb

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      BF.vbs

    • Size

      177B

    • MD5

      6b6fa4280d86225a89bc9baa003a793c

    • SHA1

      d58ad4335a1c039a772abd605775f5407ff9d7dd

    • SHA256

      54f762962f24619272d95f2ba0c9692ca14755f2484f903a9b6f28cccc285314

    • SHA512

      7347c304150243fe56782503a2496dbb1e6362e3dbdb6f1aa6cb122a2ad13905862352d2a7330892809e9f94bdcf2c0adac82c7e51fdbb54faaf055fff81ac33

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Loads dropped DLL

    • Target

      teased/mammary.ps1

    • Size

      363B

    • MD5

      1afca7e01104c41276d5407b5a26a4db

    • SHA1

      a65e352c96a6d7c61741503874e3b395a17d3c1b

    • SHA256

      ade01ba047aea55733967891270a531473996e31d8b38f02d56f6d2102d1a393

    • SHA512

      7d7648ae9532196508d08cf7954144c3c25617ebfde58b64e4ef7fba8349457e3dca5cdb75184ae6cbf828a5dd8b4cb016f1854df3405ea2ca6ed952bbf9d0e9

    Score

    1/10

    • Target

      teased/stiffeners.vbs

    • Size

      177B

    • MD5

      6b6fa4280d86225a89bc9baa003a793c

    • SHA1

      d58ad4335a1c039a772abd605775f5407ff9d7dd

    • SHA256

      54f762962f24619272d95f2ba0c9692ca14755f2484f903a9b6f28cccc285314

    • SHA512

      7347c304150243fe56782503a2496dbb1e6362e3dbdb6f1aa6cb122a2ad13905862352d2a7330892809e9f94bdcf2c0adac82c7e51fdbb54faaf055fff81ac33

    Score

    7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

2
T1012

System Information Discovery

4
T1082

Tasks