General

  • Target

    QiXuan-UBL.rar

  • Size

    5.3MB

  • MD5

    0b2395df058e4c40fb50542556369076

  • SHA1

    de889c667cf776802645858de1695afae6a7c51e

  • SHA256

    6512ab1e16bc93051bfedeaadcd4504fb57aeda085959a9bc41df474822390fc

  • SHA512

    8db1eeef60e75a82662d534c098d9fb53e78a3e9c008845cfebf1a26c90f69c69cfb3435d44d78239857f9e9bd89d150674dfc6eb575b18e5142f1d206e6d04a

  • SSDEEP

    98304:vUXFGTY46MPiQOd0yIszeKm69myh8SQorOd0yIszHmk9myh8UUXFLS/TpS:vaFTDQOPI278MOPI2p8UaFB

Score
10/10

Malware Config

Signatures

  • AgentTesla payload 2 IoCs
  • Agenttesla family
  • Unsigned PE 10 IoCs

    Checks for missing Authenticode signature.

Files

  • QiXuan-UBL.rar
    .rar
  • Guna.UI.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Guna.UI2.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • LibUsbDotNet.LibUsbDotNet.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa



  • Newtonsoft.Json.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Newtonsoft.Json.xml
    .xml
  • QX-UNLOCKBOOTLOADER.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign


  • QiXuan-UBL/Guna.UI.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • QiXuan-UBL/Guna.UI2.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • QiXuan-UBL/LibUsbDotNet.LibUsbDotNet.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa



  • QiXuan-UBL/Newtonsoft.Json.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • QiXuan-UBL/Newtonsoft.Json.xml
    .xml
  • QiXuan-UBL/QX-UNLOCKBOOTLOADER.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign


  • QiXuan-UBL/fb/AdbWinApi.dll
    .dll windows:6 windows x86 arch:x86

    c64cac39044626770353879245ea25e4


    Exports

  • QiXuan-UBL/fb/AdbWinUsbApi.dll
    .dll windows:6 windows x86 arch:x86

    fda9f9f5f569ddd0dbf3ad8a275a2eb8


    Exports

  • QiXuan-UBL/fb/adb.exe
    .exe windows:4 windows x86 arch:x86

    d6fa718ae14a9ef034f7559d83c5b8c6



  • QiXuan-UBL/fb/fastboot.exe
    .exe windows:4 windows x86 arch:x86

    dcdabf7078214bd2ef0794bd38ee9385



  • QiXuan-UBL/fb/recovery.exe
    .exe windows:6 windows x86 arch:x86

    3bd440d0afb0f13184f73e29b680835f


    Code Sign

    Exports

  • fb/AdbWinApi.dll
    .dll windows:6 windows x86 arch:x86

    c64cac39044626770353879245ea25e4


    Exports

  • fb/AdbWinUsbApi.dll
    .dll windows:6 windows x86 arch:x86

    fda9f9f5f569ddd0dbf3ad8a275a2eb8


    Exports

  • fb/adb.exe
    .exe windows:4 windows x86 arch:x86

    d6fa718ae14a9ef034f7559d83c5b8c6



  • fb/fastboot.exe
    .exe windows:4 windows x86 arch:x86

    dcdabf7078214bd2ef0794bd38ee9385



  • fb/recovery.exe
    .exe windows:6 windows x86 arch:x86

    3bd440d0afb0f13184f73e29b680835f


    Code Sign

    Exports