General

  • Target

    HEUR-Trojan-BankerWin32Me_JC.zip

  • Size

    11.6MB

  • Sample

    230713-rz5k6aaa3v

  • MD5

    bbcf025c863816a96009cc1845ceb462

  • SHA1

    a31812200c84d8de438c3c10ca1648a73a747e08

  • SHA256

    67c6b6b43e4af18433b854081a5d746300502b07429fb5d73ce493fac26a3a8e

  • SHA512

    91f9a7d822e31195bc01a1bc63f07f1d36a22dce1e14be99904ec8d326ad4de242ebf2f529652251e1f7d11613b4756e48334a2a502b36bbdd450c1b4f9b0d66

  • SSDEEP

    196608:yKkMxuoLk0yNMHLqMq7Xqm5IxNCcb7htnjKWiOQYJLgnKj8Ns/GIYoPCy:yKluEk08MHW7P4NCcb7nKWDJLXgW/tCy

Malware Config

Targets

    • Target

      VSWQBBUITB.fWN

    • Size

      11.4MB

    • MD5

      841d67181966ffd3269b1c18a0850751

    • SHA1

      f9edc2a6bc20a6618de97cb825b9314c15e9bb35

    • SHA256

      e3520f4fdc7bc4b780dd20a277899682cae0b012eb715d7346f1636e634a52bc

    • SHA512

      be697d4bbb9db2030c6be1c5055d4e4f158c6f8a9f51631b319ad849b2250b18bc9fdb4834629eba22bc86e4c4a9e6cf57f827a89a66d509238a608e52980a1f

    • SSDEEP

      196608:JF85AYWEhydlfb4YsWtueQgq4VSAyHqewIAkgTZtl+yp+BA+DkBE:7kPWEh+be9544bKewVNsyp+BdkBE

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      qDu.u.exe

    • Size

      889KB

    • MD5

      03c469798bf1827d989f09f346ce95f7

    • SHA1

      05e491bc1b8fbfbfdca24b565f2464137f30691e

    • SHA256

      de87c8713fac002b0b0a0f9b02c4e3ebcccf65282a22f5ab5912a9da00f35c2a

    • SHA512

      d95aed75dd7b2470d4e5052b4b494ad9efbb9eee42c63cf0b38f1d0275ff7b1bb8ee4cbc69d1bb219dbbf33ad3b01cea97f87fa8fe69be7f943aa4417a603238

    • SSDEEP

      24576:mjSsPIqS9jL0rJ3n770E9d8qTtE4n4CucuH:GzyH0ZOqTGQ4CDu

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks