qakbot | 10d0f1fc5101035243fac7124df2d6292bed1e29de58245dd6b2a4cff82df899 | Triage

Sharing

General

Target

ColorPick.exe
Size

344KB
Sample

200217-4dvatcevkx
MD5

681a2ff10b796cf00a43391cb6c0186c
SHA1

63f4006280016c9c2511b5bfa8d2311c32766a87
SHA256

10d0f1fc5101035243fac7124df2d6292bed1e29de58245dd6b2a4cff82df899
SHA512

46b6449f898192e1052316cdebb4d5a70002ddca1748dc2e83f742259238f0573253a6a42b8166a7415903a1fbd64716e7a2c73df1360fa2b5a069204193aa54

Score

10^/10

qakbot banker evasion persistence stealer trojan

Malware Config

Targets

- Target
  
  ColorPick.exe
- Size
  
  344KB
- MD5
  
  681a2ff10b796cf00a43391cb6c0186c
- SHA1
  
  63f4006280016c9c2511b5bfa8d2311c32766a87
- SHA256
  
  10d0f1fc5101035243fac7124df2d6292bed1e29de58245dd6b2a4cff82df899
- SHA512
  
  46b6449f898192e1052316cdebb4d5a70002ddca1748dc2e83f742259238f0573253a6a42b8166a7415903a1fbd64716e7a2c73df1360fa2b5a069204193aa54
Score

10^/10

trojan banker stealer qakbot persistence evasion
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Turns off Windows Defender SpyNet reporting
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run entry to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

trojanbankerstealerqakbotpersistenceevasion

behavioral2

evasiontrojanpersistencebankerstealerqakbot