General

  • Target

    CPU-qjetski-1.9.7-Linux.tar.gz

  • Size

    8.1MB

  • Sample

    240625-cd3r4sxhnn

  • MD5

    5da550a2436bb53ff13f2189c6fb5eb7

  • SHA1

    58ccb9de4491dfaf5432cf6e0359536862944d72

  • SHA256

    b2ab0c3f2f135714d2e5567cd653363f9d416d8345c23968ab50f11817aaa024

  • SHA512

    9771ed7cb008e09a91af21730b49dc698e9cac493c7a85d6fc894e017181c183b48c29f64d9134da4afa9423d28085ea09278d1f4138432b92118e11e101c2a4

  • SSDEEP

    196608:pmhztLwmkyCrP0PMUXbLLZ9WDGKS0Oo8gOXvEf2JGV4GheU1U8:sH4yCrPkDLx9WDGP6pOfdJGVc6D

Score
6/10

Targets

    • Target

      CPU-qjetski-1.9.7-Linux.tar.gz

    • Size

      8.1MB

    • MD5

      5da550a2436bb53ff13f2189c6fb5eb7

    • SHA1

      58ccb9de4491dfaf5432cf6e0359536862944d72

    • SHA256

      b2ab0c3f2f135714d2e5567cd653363f9d416d8345c23968ab50f11817aaa024

    • SHA512

      9771ed7cb008e09a91af21730b49dc698e9cac493c7a85d6fc894e017181c183b48c29f64d9134da4afa9423d28085ea09278d1f4138432b92118e11e101c2a4

    • SSDEEP

      196608:pmhztLwmkyCrP0PMUXbLLZ9WDGKS0Oo8gOXvEf2JGV4GheU1U8:sH4yCrPkDLx9WDGP6pOfdJGVc6D

    Score
    3/10

    • Target

      CPU-qjetski-1.9.7-Linux.tar

    • Size

      21.0MB

    • MD5

      684c036ea508f34562ce43f7c3f750bb

    • SHA1

      2e009578596584856684f562a292fdb3ade0064a

    • SHA256

      bd9cc997ad180a8d0a7c4d67714f393f9f6f0b5fed648959c7a23763e74187ec

    • SHA512

      1a96cc372a665474693c0070c0cd64eee998505df5a9d9664828123464291de6b265a5f43d3fe79dd916566e716a5fc1f854230ed3d25dd4ceefcbfd2ae939d7

    • SSDEEP

      196608:IGzPAZe0hwracj49qN/hs3aa4n6v4Eb/sM0kAh4P9TO61U:VzPDac9LjFEb/sMH

    Score
    3/10

    • Target

      CPU-qjetski-1.9.7-Linux/appsettings.json

    • Size

      522B

    • MD5

      8deccc4c56f958848414e9b63f85a639

    • SHA1

      cf5db327308b72bf13dd912691e1a845790f11cf

    • SHA256

      fa04b7084329025d5a61f68f999d05649454d997b99ebab6ea5d20bb81487471

    • SHA512

      e14966ba387558f28dd872944a2d5dd76755700ba70f229f8aeb2f08cd5da7318987ae8243430d4d0080ac8c347a788ad0a6d5a628f22cd5633863c45d464561

    Score
    6/10
    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      CPU-qjetski-1.9.7-Linux/qli-Client

    • Size

      21.0MB

    • MD5

      cc2a80c0d3e02ba8511d97e28f0f9396

    • SHA1

      bdf2c3b6c3b497592d97b68c3282f79c0c437377

    • SHA256

      3b4a8f7958d7f6f3238092e9624c483f79281bba8f7ccbe01c06e7e780fc6cd8

    • SHA512

      626683931fdd9e2ba619c59f7817fe9a9cd1500188bfe7b94691abc4a332236b1d50fbc05df51aed7edc488c01f9f8f337aa74a1e48a2ad1fbb428a83b8199f5

    • SSDEEP

      196608:0GzPAZe0hwracj49qN/hs3aa4n6v4Eb/sM0kAh4P9TO61UY:RzPDac9LjFEb/sMHH

    Score
    1/10

    • Target

      CPU-qjetski-1.9.7-Linux/qli-Service.sh

    • Size

      45B

    • MD5

      d6287f6444b0c5c98f98a83fddec542e

    • SHA1

      78177772983491e7575a0238ca55fb5d780f3c26

    • SHA256

      8f4523a6d1f454c96371ce8b7e99d90632ef495cf5fbf271f9de02bcb86e5d3d

    • SHA512

      032d982d4c8ee28a6a860c8d3f13662511a2a0f59bcb89416fe10c43c2c242931ed2c09e5a313954007b11b2662311b035746cf17d89a52bad8962ecfd642be0

    Score
    3/10
