306fe3e51a7ccc9ca7f2150671e106673fb2e4249ee38923e31e02a2458d270b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

file/Feb.wsf

windows10-1703-x64

8

file/n.log

windows10-1703-x64

1

Resubmissions

01/08/2023, 11:40

230801-nsw4nagf4y 8

21/04/2023, 15:45

230421-s7bhqage68 8

21/04/2023, 15:10

230421-skcr9sgc43 8

Sharing

General

Target

qakbot_sample .zip
Size

112KB
Sample

230421-skcr9sgc43
MD5

95b664a41799b9d563fc259f2e75adf0
SHA1

de42fc63cc2c9ac88b3096dca2d73a241f0ed303
SHA256

306fe3e51a7ccc9ca7f2150671e106673fb2e4249ee38923e31e02a2458d270b
SHA512

163d5b7bd096cb9ba1f2741849bf4eeca2f05c86509c8db712d9f2b91eac0209ef8a06d4a4b6be7af1a46c608751ec49ed541b97a178d8bbb9c98bd6e2829997
SSDEEP

3072:7W8EzUjcAnr5RsummAWz1c8swEf7wsHxiiu:7GUAZummphcahsIiu

Score

8^/10

discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

file/Feb.wsf

Resource

win10-20230220-en

discovery persistence

windows10-1703-x64

21 signatures

600 seconds

Behavioral task

behavioral2

Sample

file/n.log

Resource

win10-20230220-en

windows10-1703-x64

1 signatures

600 seconds

Malware Config

Targets

- Target
  
  file/Feb.wsf
- Size
  
  290KB
- MD5
  
  20e65f83fcbe1f10fb6cf6a29ab55a65
- SHA1
  
  a79c622dc5787025ce5c01ae9415c2df413d801a
- SHA256
  
  b396786fcbae38eb8d4d481bf05c42cdf8ef34cd2b0a81eb38b2c7c10b7ce3b6
- SHA512
  
  9d855840c0ee3d3625844dfe9890baff82248cc0296405a11b88add330763e8410d475467c2d0f79f559dde547e700674a6f2ca75bb70bfac3ca4ebbe128d9ad
- SSDEEP
  
  6144:vaG7zwUsHDxO3yHfgrogRcarC6Mq7VFyr0idubJTxPbdj9:Sdd/n0NDdx
Score

8^/10

discovery persistence
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1
- Target
  
  file/n.log
- Size
  
  6B
- MD5
  
  088a24ceb81eb19d02e59dd98a1991bc
- SHA1
  
  8ce29d80740f5524a4f0f23ebeaba806a71688b3
- SHA256
  
  50a2ff15aed08c3ab95bedabcac4bfce84239c3df18a7f5a049fca3da748aec5
- SHA512
  
  063898417332cf746fd160ae9a165cb752f976002f474ee016169c3a2ee33b98a9c67c53ecfcc9365322287dbc51fe9ac6af2ed67a5fab1fe1e49c2adbac6194
Score

1^/10
behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

© 2018-2025

Terms | Privacy