MSG_986000.vbs

General

Target: MSG_986000.vbs
Size: 5MB
Sample: 200303-bdsch48nyx
Score: 10/10
MD5: bb7fbcd342edcef5b43904fe867edc2c
SHA1: a6852667b3de27e6d6eb5820fd2d5267479bdffa
SHA256: d41c66a9160ce7f0dd0d1360d8b8339a8276fc30215f4623ca88d0efad319346
SHA512: 2fa2ba7ebf5b624bcd30de80dd49763c1e787cf883ad6ab4a9e5ea286b0a40d4d317b4ba43f5a3e06d869b53f069ce030a793d6a3d7fc0b1e3998a6548253989

Signatures

  • Qakbot/Qbot

    Description: Qbot or Qakbot is a sophisticated worm with banking capabilities.

  • Blacklisted process makes network request

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run entry to start application

    TTPs: Registry Run Keys / Startup Folder, Modify Registry

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

static1

behavioral2

8/10