2024-05-27_ef7e8896cfbdac3acd11fc56ec94ab8a_magniber_qakbot

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-27_ef7e8896cfbdac3acd11fc56ec94ab8a_magniber_qakbot
Size

14.4MB
MD5

ef7e8896cfbdac3acd11fc56ec94ab8a
SHA1

67d217e96831d4bf9db9b485344bc067448221bb
SHA256

2632e2142828f1c2328710f8751db7e7ccb0e7354a581a2aac9b708098ec8a0d
SHA512

712b04fee2573e1c88d2afecbf54db8d93d34ea7e2332fc012e79a1ffa33485d4537b6aede511eb8700dca9bd2ea6e4127e7e94668e0378f33e0ae0ff3b8932b
SSDEEP

98304:pKYKpsn/4yAKrSkvlqRvIDg+KBOf+CdwTZQJ4oWHss9r0nE/82Y7mfW3+XKdDS8Y:n1ZsRvIABBZfMsummLS8V9Zaj

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

2024-05-27_ef7e8896cfbdac3acd11fc56ec94ab8a_magniber_qakbot
.exe windows:4 windows x86 arch:x86

013d0da1df8123047ff64c2b963e2bc1

Code Sign

d7:22:18:2f:db:13:54:52:04:9b:70:1a:79:2f:18:5a
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-08-2008 00:00

Not After

27-08-2009 23:59

Subject

CN=Passware\, Inc.,O=Passware\, Inc.,POSTALCODE=94040,STREET=Suite 180+STREET=800 W El Camino Real,L=Mountain View,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

18:44:6e:93:05:ed:76:1a:b4:43:68:e1:7d:d5:03:66:d8:bb:6e:0e
Signer

Actual PE Digest

18:44:6e:93:05:ed:76:1a:b4:43:68:e1:7d:d5:03:66:d8:bb:6e:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExA
RegFlushKey
RegEnumValueW
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyW
CryptReleaseContext
CryptAcquireContextA
CryptDecrypt
CryptSetKeyParam
CryptDeriveKey
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptDestroyKey
CryptImportKey
CryptDuplicateKey
CryptEncrypt
CryptDuplicateHash
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegGetKeySecurity
RegQueryValueExA

comctl32

ImageList_GetIconSize
ord17
ImageList_Draw
ImageList_ReplaceIcon
ImageList_LoadImageW
ImageList_Create
ImageList_Destroy
ImageList_Add
ImageList_AddMasked
_TrackMouseEvent
ImageList_GetIcon
InitCommonControlsEx

comdlg32

GetSaveFileNameW
GetOpenFileNameW

gdi32

DeleteObject
Polyline
SelectObject
CreatePen
PatBlt
CreatePatternBrush
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateSolidBrush
GetObjectW
GetStockObject
SetBkMode
SetTextColor
CreateFontIndirectW
SetBkColor
ExtTextOutW
LineTo
MoveToEx
DeleteDC
GetTextExtentPoint32A
CreateFontIndirectA
GetObjectA
GetTextExtentPoint32W
DeleteEnhMetaFile
Polygon
GetClipBox
PlayEnhMetaFile
CloseEnhMetaFile
CreateEnhMetaFileW
EnumFontFamiliesExW
CreateFontW
CreateDIBSection
GetTextFaceW
GetTextMetricsW
DPtoLP
GetDIBColorTable
EnumFontFamiliesW
CreateRoundRectRgn
FrameRgn

shell32

SHGetSpecialFolderPathA
ShellExecuteA
SHGetSpecialFolderLocation
SHGetFileInfoW
DragQueryFileW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHFileOperationW
ord155
ord77
SHGetDesktopFolder
ShellExecuteExW

kernel32

LoadLibraryA
FindClose
FindNextFileW
FindFirstFileW
SetThreadPriority
GetThreadTimes
GetCurrentThread
GetFileAttributesExW
SetFileAttributesW
LocalFree
FormatMessageW
WideCharToMultiByte
TlsFree
TlsGetValue
GetExitCodeThread
WaitForSingleObject
TlsSetValue
TlsAlloc
SetEndOfFile
IsBadWritePtr
IsBadReadPtr
VirtualQuery
SetErrorMode
SetEvent
ResetEvent
CreateEventA
DuplicateHandle
InterlockedExchangeAdd
GetModuleFileNameA
SetUnhandledExceptionFilter
FormatMessageA
GlobalMemoryStatus
GetVersionExA
GetFullPathNameA
GetModuleHandleA
GetLocaleInfoA
GetNumberFormatA
GetDateFormatW
GetTimeFormatW
GlobalSize
CreateMutexW
ReleaseMutex
GetSystemInfo
WriteFile
ExpandEnvironmentStringsW
CreateEventW
FreeResource
GetTimeZoneInformation
GetSystemDefaultLCID
Sleep
LocalAlloc
GetPrivateProfileStringA
CreateProcessW
GetTempPathW
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
GetACP
GetThreadLocale
GetLocalTime
GetLogicalDrives
GetFileSize
lstrlenA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetLocaleInfoW
CompareStringA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
SetEnvironmentVariableA
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
ReadFile
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
HeapCreate
GetStdHandle
GetCPInfo
LCMapStringW
LCMapStringA
FindNextFileA
DeleteFileA
GetFileAttributesA
SetFileAttributesA
GetCurrentDirectoryA
FindFirstFileA
GetDriveTypeA
IsDebuggerPresent
TerminateProcess
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetFileType
SetStdHandle
FlushFileBuffers
SetFilePointer
GetFullPathNameW
SetEnvironmentVariableW
FileTimeToLocalFileTime
FileTimeToSystemTime
RemoveDirectoryW
CreateDirectoryW
DeleteFileW
ExitProcess
MoveFileW
GetStartupInfoW
RtlUnwind
GetDriveTypeW
CreateThread
GetModuleHandleW
LoadLibraryExW
lstrcpynA
LoadLibraryW
GetProcAddress
FreeLibrary
CreateFileW
lstrcmpiW
CompareStringW
TryEnterCriticalSection
lstrcpyW
GlobalHandle
GlobalFree
GetModuleFileNameW
lstrcmpW
GetLastError
InitializeCriticalSection
lstrlenW
MulDiv
lstrcpynW
GetVersionExW
GlobalAlloc
GlobalLock
GlobalUnlock
DeleteCriticalSection
MultiByteToWideChar
SetLastError
GetCurrentThreadId
InterlockedExchange
InterlockedIncrement
GetCurrentProcess
FlushInstructionCache
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetLogicalDriveStringsW
CreateDirectoryA
RemoveDirectoryA
ExitThread
CloseHandle
InterlockedDecrement
ResumeThread
WaitForMultipleObjects
DeviceIoControl
GetSystemTime
QueryPerformanceFrequency
GetFileAttributesW

user32

EnumThreadWindows
SetParent
CheckMenuItem
DrawIcon
SendMessageW
SetWindowLongW
InvalidateRect
IsWindow
GetClassInfoExW
LoadCursorW
DefWindowProcW
CreateWindowExW
RegisterClassExW
CallWindowProcW
GetWindowLongW
DestroyIcon
LoadIconW
ScreenToClient
EnableMenuItem
ScrollWindowEx
SetScrollPos
GetScrollPos
TrackMouseEvent
DrawFrameControl
DrawTextExW
PostThreadMessageW
SetWindowRgn
AttachThreadInput
ShowScrollBar
SetScrollInfo
EnumChildWindows
GetScrollInfo
GetSysColorBrush
HideCaret
SendMessageTimeoutW
InflateRect
FrameRect
FindWindowExA
RegisterClassA
SendDlgItemMessageA
MessageBoxA
SendMessageA
CheckRadioButton
MsgWaitForMultipleObjects
SetForegroundWindow
wsprintfW
GetMessageW
TranslateMessage
DrawMenuBar
KillTimer
SetTimer
GetMenuStringW
GetMenuItemID
InsertMenuItemW
SetMenuInfo
CreateMenu
GetKeyState
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
LoadAcceleratorsW
PeekMessageW
MessageBeep
RemoveMenu
AppendMenuW
CreatePopupMenu
GetMenuItemCount
TrackPopupMenuEx
LoadStringA
PostQuitMessage
LoadStringW
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
IsDialogMessageW
TranslateAcceleratorW
GetForegroundWindow
MessageBoxW
LoadImageW
GetUpdateRect
DrawIconEx
DialogBoxParamW
DrawFocusRect
GetDlgCtrlID
IsWindowEnabled
OffsetRect
DrawTextW
SetDlgItemTextW
PostMessageW
EndDialog
IsDlgButtonChecked
CheckDlgButton
DestroyMenu
GetClientRect
DispatchMessageW
ClientToScreen
TrackPopupMenu
LoadMenuW
GetSubMenu
GetCursorPos
SetFocus
DestroyWindow
DialogBoxIndirectParamA
SystemParametersInfoA
SetWindowLongA
GetSystemMenu
GetDlgItemTextA
GetWindowLongA
CopyRect
GetClassInfoA
LoadCursorA
CreateCursor
UnregisterClassA
GetActiveWindow
GetWindowRect
ShowWindow
SetWindowPos
SetRectEmpty
CreateDialogParamW
UpdateWindow
SetCapture
GetParent
FillRect
DestroyCursor
LoadBitmapW
AdjustWindowRectEx
GetMenu
IsMenu
CreateDialogIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
MapDialogRect
SetWindowContextHelpId
IsWindowVisible
CreateAcceleratorTableW
GetFocus
GetWindow
DestroyAcceleratorTable
GetDesktopWindow
GetClassNameW
IsChild
RedrawWindow
InvalidateRgn
GetDC
MoveWindow
CharNextW
GetSysColor
MapWindowPoints
GetDlgItem
EnableWindow
SetWindowTextW
GetCapture
SetCursor
ReleaseDC
GetWindowDC
EndPaint
BeginPaint
GetSystemMetrics
SystemParametersInfoW
GetMessagePos
PtInRect
DrawEdge
ReleaseCapture

ole32

StgCreateDocfile
CoInitializeEx
OleLockRunning
StringFromGUID2
ReleaseStgMedium
CreateDataAdviseHolder
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoTaskMemAlloc
OleInitialize
OleUninitialize
RevokeDragDrop
DoDragDrop
RegisterDragDrop
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
StgOpenStorage
StgOpenStorageOnILockBytes
StgIsStorageILockBytes
GetHGlobalFromStream
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysStringLen
SysAllocString
SysStringByteLen
VariantInit
VariantClear
SysAllocStringLen
OleCreateFontIndirect
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayDestroyDescriptor
VarUI4FromStr
DispCallFunc
LoadTypeLi
LoadRegTypeLi

msimg32

GradientFill
AlphaBlend

imagehlp

SymGetLineFromAddr
SymFunctionTableAccess
SymGetModuleBase
StackWalk
SymInitialize
SymSetOptions
ImagehlpApiVersion
CheckSumMappedFile
SymGetSymFromAddr

rasapi32

RasEnumEntriesW

winmm

PlaySoundW

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
htonl
__WSAFDIsSet
select
closesocket
socket
ioctlsocket
recv
send
connect
htons
shutdown

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6z9pmnu5
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 304KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dllshar
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

89mne1qa
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

9v.rmmh2
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

013d0da1df8123047ff64c2b963e2bc1

Code Sign

d7:22:18:2f:db:13:54:52:04:9b:70:1a:79:2f:18:5aCertificate

Extended Key Usages

Key Usages

18:44:6e:93:05:ed:76:1a:b4:43:68:e1:7d:d5:03:66:d8:bb:6e:0eSigner

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

shell32

kernel32

user32

ole32

oleaut32

msimg32

imagehlp

rasapi32

winmm

ws2_32

version

Sections

.text Size: 5.8MB - Virtual size: 5.8MB

6z9pmnu5 Size: 1.9MB - Virtual size: 1.9MB

.data Size: 304KB - Virtual size: 388KB

.tls Size: 4KB - Virtual size: 4KB

.dllshar Size: 4KB - Virtual size: 4KB

.rsrc Size: 4.4MB - Virtual size: 4.4MB

89mne1qa Size: 1.9MB - Virtual size: 1.9MB

9v.rmmh2 Size: 40KB - Virtual size: 40KB

d7:22:18:2f:db:13:54:52:04:9b:70:1a:79:2f:18:5a
Certificate

18:44:6e:93:05:ed:76:1a:b4:43:68:e1:7d:d5:03:66:d8:bb:6e:0e
Signer

.text
Size: 5.8MB - Virtual size: 5.8MB

6z9pmnu5
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 304KB - Virtual size: 388KB

.tls
Size: 4KB - Virtual size: 4KB

.dllshar
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4.4MB - Virtual size: 4.4MB

89mne1qa
Size: 1.9MB - Virtual size: 1.9MB

9v.rmmh2
Size: 40KB - Virtual size: 40KB