Resubmissions

09-12-2022 20:56    221209-zq79pahb41    10
01-12-2022 18:24    221201-w17jcsbb8t    10

General

  • Target

    SB-086.iso

  • Size

    101.2MB

  • Sample

    221201-w17jcsbb8t

  • MD5

    8cf93a79044ea337bc5d096516a3a350

  • SHA1

    c3f48dc60a44ef509d19df50b52da2dcf76734cf

  • SHA256

    643df2597cf46fa8713f2da393626757541e4a1452fdf63291e0eff41b6ede3d

  • SHA512

    b74d14029d7d08b3742d290faddee361370e971d9d21828a0a70c86bd63fa5552376042877da8eadc440dc9f0c260f2d9c889219ee340284e2492a2277d0c6ec

  • SSDEEP

    24576:PIfK3N4K+aqMJmz/WdxrN81BK9pBBuWb:Pr5CMJqAxCK9pBBuWb

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564 (Unix epoch seconds, i.e. 2022-11-28 09:42:44 UTC)

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP
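The extracted config above is only useful once it is turned into something a network team can deploy. The script below is an added example, not part of the Triage report and not Qakbot's own code: it parses the "Header / value" layout used on this page, decodes the campaign field as Unix epoch seconds (the convention in Qakbot configs), flags C2 entries on ports outside the usual Qakbot set, and emits one Suricata alert rule per C2 pair. The `REPORT_CONFIG` text is copied from this report; the rule message text and the sid range are assumptions.

```python
"""Turn the extracted Qakbot config into usable IOCs (added example)."""
import ipaddress
from datetime import datetime, timezone

# Copied from the report's "Malware Config / Extracted" section.
REPORT_CONFIG = """
Family
qakbot
Version
404.46
Botnet
BB08
Campaign
1669628564
C2
98.147.155.235:443
85.52.73.34:2222
75.158.15.211:443
2.91.184.252:995
92.106.70.62:2222
85.152.152.46:443
86.159.48.25:2222
217.128.91.196:2222
92.11.189.236:2222
83.92.85.93:443
2.83.62.105:443
93.24.192.142:20
76.20.42.45:443
24.64.114.59:2078
73.36.196.11:443
130.43.99.103:995
172.117.139.142:995
100.16.107.117:443
12.172.173.82:22
176.151.15.101:443
"""

HEADERS = {"Family", "Version", "Botnet", "Campaign", "C2"}


def parse_config(text):
    """Parse the block into a dict; 'c2' becomes a list of (ip, port)."""
    cfg = {"c2": []}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in HEADERS:
            key = line.lower()
            continue
        if key is None:
            raise ValueError(f"value before any header: {line!r}")
        if key == "c2":
            host, _, port = line.rpartition(":")
            ip = ipaddress.ip_address(host)      # rejects malformed hosts
            port = int(port)
            if not 0 < port < 65536:
                raise ValueError(f"bad port in {line!r}")
            cfg["c2"].append((str(ip), port))
        elif key == "campaign":
            cfg[key] = int(line)
        else:
            cfg[key] = line
    return cfg


def campaign_time(campaign):
    """Decode the campaign ID as a UTC timestamp (assumed epoch seconds)."""
    return datetime.fromtimestamp(campaign, tz=timezone.utc)


def unusual_ports(cfg, expected=(443, 995, 2222)):
    """C2 pairs on ports outside the usual set; a port-only filter misses
    these, so block on the full ip:port pair."""
    return [(ip, p) for ip, p in cfg["c2"] if p not in expected]


def suricata_rules(cfg, sid_base=1000001):
    """One alert rule per C2 pair for outbound traffic from $HOME_NET
    (sid range and msg text are assumptions for this example)."""
    rules = []
    for i, (ip, port) in enumerate(cfg["c2"]):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"{cfg["family"]} {cfg["botnet"]} C2 {ip}:{port}"; '
            f'flow:to_server; sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print(cfg["family"], cfg["version"], cfg["botnet"],
          campaign_time(cfg["campaign"]).isoformat())
    print("C2 on unusual ports:", unusual_ports(cfg))
    print("\n".join(suricata_rules(cfg)))
```

Three of the twenty C2 pairs sit on ports 20, 22 and 2078, which is why the rules key on the full ip:port pair rather than on "anything to 443/995".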

Targets

    • Target

      BF.vbs

    • Size

      178B

    • MD5

      c7a525683fce9af179dd75e119b50e60

    • SHA1

      77b587a1c8ed15b9b09f74dc2e902b39cd0b434d

    • SHA256

      1eed84a2e5619330ef135e563586976e810526c4259a17a7b506a88b3dd9c003

    • SHA512

      5b503c0140bc26318027b4d1ed24405fc3cc0c79a82258910bfd6fcec25c52ed0883c55504b5ec456564f11af789a2d8c78cfc58d5586b20621f2f5b4446637e

    • Qakbot/Qbot

      Qbot or Qakbot is a modular banking trojan and loader with worm-like lateral-movement capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Target

      teased/abscissa.ps1

    • Size

      355B

    • MD5

      20cf9d5f6cc639a6d38452d8edc084fd

    • SHA1

      f9ceef9fee9df8ae9c62e76ed5fea63ab8410cd0

    • SHA256

      2907d56ca8297efd6b4ef7e2215c2a5248beff1d72bff36dfed0b9d8abd5ea53

    • SHA512

      f61a460e2262a8e1b3aed4d0fbdf64c3c5d8b86a53a6df789e4e3f560079149d2848d10d31601b339b9c9f72f0238753e54746f01408dd4ca663b892153c8be1

    • Score

      1/10
    • Target

      teased/unattributable.vbs

    • Size

      178B

    • MD5

      c7a525683fce9af179dd75e119b50e60

    • SHA1

      77b587a1c8ed15b9b09f74dc2e902b39cd0b434d

    • SHA256

      1eed84a2e5619330ef135e563586976e810526c4259a17a7b506a88b3dd9c003

    • SHA512

      5b503c0140bc26318027b4d1ed24405fc3cc0c79a82258910bfd6fcec25c52ed0883c55504b5ec456564f11af789a2d8c78cfc58d5586b20621f2f5b4446637e

    • Score

      7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.
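Two of the three targets (BF.vbs and teased/unattributable.vbs) carry identical digests and sizes, so they are one file dropped under two names. The script below is an added example, not part of the Triage report: it hashes an artefact once with all four report algorithms, compares the result against the report's fields, and groups targets by SHA-256 to surface such duplicates. `TARGETS` is copied from the Targets section; the bytes hashed in the demo are constructed stand-ins because the real files are not on this page.

```python
"""Verify an artefact against the report's hashes; find duplicate targets
(added example, not part of the Triage report)."""
import hashlib

# Copied from the Targets section (size in bytes, hex digests).
TARGETS = {
    "BF.vbs": {
        "size": 178,
        "md5": "c7a525683fce9af179dd75e119b50e60",
        "sha1": "77b587a1c8ed15b9b09f74dc2e902b39cd0b434d",
        "sha256": "1eed84a2e5619330ef135e563586976e810526c4259a17a7b506a88b3dd9c003",
    },
    "teased/abscissa.ps1": {
        "size": 355,
        "md5": "20cf9d5f6cc639a6d38452d8edc084fd",
        "sha1": "f9ceef9fee9df8ae9c62e76ed5fea63ab8410cd0",
        "sha256": "2907d56ca8297efd6b4ef7e2215c2a5248beff1d72bff36dfed0b9d8abd5ea53",
    },
    "teased/unattributable.vbs": {
        "size": 178,
        "md5": "c7a525683fce9af179dd75e119b50e60",
        "sha1": "77b587a1c8ed15b9b09f74dc2e902b39cd0b434d",
        "sha256": "1eed84a2e5619330ef135e563586976e810526c4259a17a7b506a88b3dd9c003",
    },
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def multihash(chunks, algos=ALGOS):
    """Feed every chunk to all hashers so a 100 MB ISO is read only once.
    Returns the hex digests plus the byte count under 'size'."""
    hashers = {a: hashlib.new(a) for a in algos}
    size = 0
    for chunk in chunks:
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    out = {a: h.hexdigest() for a, h in hashers.items()}
    out["size"] = size
    return out


def hash_file(path, chunk_size=1 << 20):
    """Hash a file on disk in 1 MiB chunks."""
    with open(path, "rb") as f:
        return multihash(iter(lambda: f.read(chunk_size), b""))


def verify(actual, expected):
    """Return {field: (expected, actual)} for every report field that
    disagrees; an empty dict means the artefact matches the report."""
    return {k: (v, actual.get(k)) for k, v in expected.items()
            if actual.get(k) != v}


def duplicate_targets(targets):
    """Group target names by SHA-256 and keep groups with more than one."""
    by_hash = {}
    for name, rec in targets.items():
        by_hash.setdefault(rec["sha256"], []).append(name)
    return {h: names for h, names in by_hash.items() if len(names) > 1}


if __name__ == "__main__":
    # Constructed stand-in input: the empty file, whose digests are well known.
    print(verify(multihash([b""]),
                 {"size": 0, "md5": "d41d8cd98f00b204e9800998ecf8427e"}))
    print(duplicate_targets(TARGETS))
```

To check the ISO itself, call `verify(hash_file("SB-086.iso"), {...})` with the MD5/SHA1/SHA256/SHA512 values from the General section; any non-empty result means you do not have the sample this report describes.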

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 4

Tasks