eedf890068b1d6cc499b85b7c76da1df4393895299ae93f05fa3d8e0db7a8975

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2024, 05:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-10-10_e1d4540dbb64d19f7a67a170df679e12_magniber_qakbot.exe
Size

1.7MB
MD5

e1d4540dbb64d19f7a67a170df679e12
SHA1

63d5e58a360c9435cd9a2184912a34ff3231b67d
SHA256

eedf890068b1d6cc499b85b7c76da1df4393895299ae93f05fa3d8e0db7a8975
SHA512

70269aee22cab2b5a8658652cc75980dfb269d53dc2ad3a8804692cf93bd7406beaf222e0e3f2cc30ca27891417fd9314962247644fa9881eb64b28098dbb3f0
SSDEEP

24576:6WgTAHbMnTFNVk+iGEQnukBES4RqLlbp64k+oWcm4bnTrqv1Pjn:6WgebMn9TugaRwpNBsTY

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	2024-10-10_e1d4540dbb64d19f7a67a170df679e12_magniber_qakbot.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-10-10_e1d4540dbb64d19f7a67a170df679e12_magniber_qakbot.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-10_e1d4540dbb64d19f7a67a170df679e12_magniber_qakbot.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-10_e1d4540dbb64d19f7a67a170df679e12_magniber_qakbot.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:3224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\FFPlaySetup_1728538815.exe

Filesize
5KB

MD5
fba8f22e4ff9972900924ec6edea94c6

SHA1
51640920b0062216322ad5c6780fdd8b06f87859

SHA256
4a8fc5a8e79f51489cb124fc4e64da1e2ddf1d02b24ba548c18c8a3f9ec9fd78

SHA512
f2c727c3df5057f665f998fff403543c8aa9fee61ac4bbc2072a950bc1edb4485d1424b502485d5633262b089d6559918624d549da31fe87d8f5ac71000abe04

Download Submit
memory/3224-0-0x0000000000400000-0x00000000005C4000-memory.dmp

Filesize
1.8MB

Download
memory/3224-1-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download