General

  • Target

    Chapter 2.zip

  • Size

    4.1MB

  • Sample

    240926-kgq7gszgkh

  • MD5

    0f4a961ef5bfaaff6f1bfbcc55edad56

  • SHA1

    8c601b0717fcf6b5275de0e29630d72821782397

  • SHA256

    d07bdefcabeb6ef9fd8066d5fd79777225bc0725aef6e737f16c643ae9662559

  • SHA512

    9da755d95d9cf6fd22927dcb2e683f8135f973beffd8c428b98a43eb6ac2ea2360de7f337ab1267900c7d4433d48baf52ffa1a5ebf22eb95b33b35f9658281f8

  • SSDEEP

    98304:Glt3iHt3Bk5T0SU5cp6QyC9FlxWKLDXF5vCeGxzCO3jXoltnsWU:Gj3cBqT0rcpDyC2Kn3vCeK2O2tPU

Malware Config

Extracted

Family

jupyter

Version

MX-2

C2

http://5.254.118.242

Extracted

Family

qakbot

Version

324.142

Botnet

spx133

Campaign

1591267427

C2

Targets

    • Target

      8888888.png

    • Size

      1.2MB

    • MD5

      136b9c85525ba66276b8c9f6b7014b0b

    • SHA1

      0cf5ba13d14c28c60586c7f4b9679925fa4d4172

    • SHA256

      a23ef053cccf6a35fda9adc5f1702ba99a7be695107d3ba5d1ea8c9c258299e4

    • SHA512

      0c02b116029a7d4f4c44988dc6220ed4050c94cab6e57f4aeb29d8edd0b8b59e74c89d6bd62e6e828826f44ebfb478280051ca289ea712c52d5fd113541e2590

    • SSDEEP

      6144:JanAo3boaSrTBRc6nWF84LvSkgNSjEtIovH6DgJG3uhRtSUgnSt9BYbC38g/T4J:JaAKoRrTBHWC4LINSjA/EMGU/SHomaI

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Turns off Windows Defender SpyNet reporting

    • Windows security bypass

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      Challenge_1.dll

    • Size

      180KB

    • MD5

      ed629af9a127724d64185a26d00ae62d

    • SHA1

      3204c4352e4765ecf64b9bfa1b5e31c06b9577cc

    • SHA256

      b6d7e579a24efc09c2dba13ca90622790866e017a3311c1809c5041e91b7a930

    • SHA512

      ac989c584c067425ae2e67111b869239c0548baf085edcd9edb017056cfa3edb208d5fc5431ebb351c190fd4c9adffb673eaf5fc994d7833efcec6ff3511c55f

    • SSDEEP

      3072:C5OLkQW8JS0k0wcBalDIs3hlAp5+hQQE89X3Qo+PgaE3:CsWnGYlAp5+hR9sYaE

    • Score

      1/10

    • Target

      Challenge_2.bin

    • Size

      3.6MB

    • MD5

      db349b97c37d22f5ea1d1841e3c89eb4

    • SHA1

      e889544aff85ffaf8b0d0da705105dee7c97fe26

    • SHA256

      24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c

    • SHA512

      d6c60b8f22f89cbd1262c0aa7ae240577a82002fb149e9127d4edf775a25abcda4e585b6113e79ab4a24bb65f4280532529c2f06f7ffe4d5db45c0caf74fea38

    • SSDEEP

      98304:wDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3R:wDqPe1Cxcxk3ZAEUadzR8yc4gB

    • Score

      3/10

    • Target

      filetype.exe

    • Size

      44KB

    • MD5

      1f2eab66674cd1820fcd06a20b0a7ab8

    • SHA1

      0dc9e1b02e72b3f2630e47e715568cfceea9ab35

    • SHA256

      0283ee684729fc204a985e358eea93ae4010894a0a662ffd1267e1e78e9de624

    • SHA512

      066936f34d655ce6d6023dc08182e0d69686528460e003d885b1be0f386021ce8c607f16eb964ad8d3ff56e5a6dce65916abbd93b59c0ba83520574f6849c112

    • SSDEEP

      768:XPy45aRacSB9ivfCw7LjfYV4spkvlS63ul:XBEaHBsfCOLjfmNkvl+l

    • Score

      3/10

    • Target

      md5-1.exe

    • Size

      7KB

    • MD5

      665ff1dd581f97b33af9b7fb9f695912

    • SHA1

      ec762b486a048e1ec88a04e07f107499cfac2c92

    • SHA256

      e16a3e7bea60ab2aa1e49e31199791648c58b14d1691935f25f3bd4e94f2f34b

    • SHA512

      63ff81533b5089672e83ea740b77739bbd0594f3a6f98df30a6983f724d4bd4132db468457bb6368e629ed4083018e3860ddbdeed1708b45c425060fd4596b4f

    • SSDEEP

      24:eWpTD7ncAWq4Uz75TN4+8t1XDsc1+/qxB/qVsHBoGGmHBoG8:5TD7+mJNt8HXDsqrguBoMBoj

    • Score

      3/10

    • Target

      md5-2.exe

    • Size

      7KB

    • MD5

      665ff1dd581f97b33af9b7fb9f695912

    • SHA1

      89755b503f7f45aa28ef5567c679bb9d0de20309

    • SHA256

      84af18cfd067df107b790edde3dbd23a0379f8fbbd1913ab0cea74c4378f4569

    • SHA512

      63e4f2f8a2dc1c835e44e54635dca68b4fb6321327a1e2bbacecbb31ba625957f0429bce58dfa303ea99aa18afd20a2eedcba1d3189f3963a46599287f381637

    • SSDEEP

      24:el9IJDrn9AWqQUz75TN4+8IDXDscR+/qxB/qVsHBoGGmHBoG8:sKJDrTOJNt8OXDs2rguBoMBoj

    • Score

      3/10

    • Target

      ssdeep-2.14.1/fuzzy.dll

    • Size

      25KB

    • MD5

      b98efa830dc2089287ca527675913004

    • SHA1

      3a2295f7a2f7feb3a0b061190284b21e2dcbca6e

    • SHA256

      6139ec4ef02d56da92afdf5b124d206e73b418ffdb2cc1a0ad6224827a7baf58

    • SHA512

      96bb0d7a360008c833567d441db2b329632ca032bf4b17c7d79a38c59e4ed25e449577adf9f3ed4d7cb85521bb26c765dc5f682bf26d02314cd6b53f4b1b667d

    • SSDEEP

      384:7EX6kKD8aq3ZGrl4HjmpimeWW38gVm98ivFIEEaiyDHF2O0HKq3ln5DH:wVl3eOmpimkFZithbBb0qSb

    • Score

      3/10
    • Target

      ssdeep-2.14.1/ssdeep.exe

    • Size

      836KB

    • MD5

      5fe8e35203fc26b013e32749f241df89

    • SHA1

      48eefc1cac645cfdbbcb18043213ebfc6685bce6

    • SHA256

      6333bfd19c7d6ef5768a19bf8188d07ca5769313faba1836c1043ce2e11079f3

    • SHA512

      9ab6739dee77f763352b5ba27b332c3199ddf4a08e577a9d28094fab3c2017fd7fad71ad263b16b436fd4fb64fc4d43f7cdd3c0086181d11057e182811eeb9f8

    • SSDEEP

      24576:fWmPxN/Kt592Yxl8hiJygbYn1e0XmRTkxr15mODK7hfPexmKm6EQch7sX:uu/C2WJygbC1tiODKiOrQch

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks