qakbot | d41c66a9160ce7f0dd0d1360d8b8339a8276fc30215f4623ca88d0efad319346 | Triage

Resubmissions

03-03-2020 15:44

200303-bdsch48nyx 10

03-03-2020 15:10

200303-v6kyhmnnrs 8

Sharing

General

Target

MSG_986000.vbs
Size

5.2MB
Sample

200303-bdsch48nyx
MD5

bb7fbcd342edcef5b43904fe867edc2c
SHA1

a6852667b3de27e6d6eb5820fd2d5267479bdffa
SHA256

d41c66a9160ce7f0dd0d1360d8b8339a8276fc30215f4623ca88d0efad319346
SHA512

2fa2ba7ebf5b624bcd30de80dd49763c1e787cf883ad6ab4a9e5ea286b0a40d4d317b4ba43f5a3e06d869b53f069ce030a793d6a3d7fc0b1e3998a6548253989

Score

10^/10

qakbot banker persistence stealer trojan

Malware Config

Targets

- Target
  
  MSG_986000.vbs
- Size
  
  5.2MB
- MD5
  
  bb7fbcd342edcef5b43904fe867edc2c
- SHA1
  
  a6852667b3de27e6d6eb5820fd2d5267479bdffa
- SHA256
  
  d41c66a9160ce7f0dd0d1360d8b8339a8276fc30215f4623ca88d0efad319346
- SHA512
  
  2fa2ba7ebf5b624bcd30de80dd49763c1e787cf883ad6ab4a9e5ea286b0a40d4d317b4ba43f5a3e06d869b53f069ce030a793d6a3d7fc0b1e3998a6548253989
Score

10^/10

trojan banker stealer qakbot persistence
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run entry to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

trojanbankerstealerqakbotpersistence

behavioral2