General

  • Target

    2024-05-23_9af471c6bb0c001f8296fb2ff15f0d9d_magniber_qakbot

  • Size

    4.7MB

  • Sample

    240523-g9dkbagd23

  • MD5

    9af471c6bb0c001f8296fb2ff15f0d9d

  • SHA1

    96d4e9ab3338d25e3608e17de86ac03dacfa2a0d

  • SHA256

    dcfa301a11aa0bab642b6191b08c9eaee6c0f65cf602ab48d54241870ddf7609

  • SHA512

    5718b80a52c66c6529b77f45c9c7ffb18339619ec3a0a0fd8306313053f0cf4d93397bcece9d9a6b8881334e5c0638ebacc065e95b0d17bcfffd68e3a0320908

  • SSDEEP

    98304:GJeV/ztZBeL1oiImuUiK9N9EGQKF9lSHbr7ar7QMvI:MS/hekmg4EpbrOfQ1

Malware Config

Targets

    • Renames multiple (6135) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

  • T1553 Subvert Trust Controls (1)
  • T1553.004 Install Root Certificate (1)
  • T1112 Modify Registry (1)

Credential Access

  • T1552 Unsecured Credentials (1)
  • T1552.001 Credentials In Files (1)

Discovery

  • T1012 Query Registry (4)
  • T1082 System Information Discovery (4)
  • T1120 Peripheral Device Discovery (1)

Collection

  • T1005 Data from Local System (1)
