Overview

overview

10

Static

static

galadriel

windows7_x64

10

Resubmissions

19-05-2020 13:04

200519-7d9ja2krwe 10

19-05-2020 12:28

200519-4h8rvftfme 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Darlehensvertrag_42816504192_15052020.vbs

  • Size

    36.2MB

  • Sample

    200519-7d9ja2krwe

  • MD5

    e44fb6c9a050ae7ef4b55cce6a71cdcd

  • SHA1

    dd77b217e503fddaf28bb60b6e3280a692807976

  • SHA256

    c888b058cd85352ec803eb2a6e78bef567b844e9982176efbcd7074982a760de

  • SHA512

    9524cdd296cb89eb1cc8a160a62337a908990aa1e6d84b0e51c1827bec705331f458c0713d64cfe221a55ad32331db74a8e9ff4a356d6b2fb515b464e3804ab5

Score
10/10
qakbotspx1211589802571bankerevasionstealertrojan

Malware Config

Extracted

Family

qakbot

Botnet

spx121

Campaign

1589802571

C2

72.209.191.27:443

72.204.242.138:443

47.202.98.230:443

72.204.242.138:465

96.35.170.82:2222

96.56.237.174:465

65.60.228.130:443

76.187.8.160:443

79.101.206.85:995

64.19.74.29:995

84.117.60.157:443

94.176.128.176:443

72.204.242.138:32102

187.155.61.44:443

72.204.242.138:443

73.163.242.114:443

86.127.7.148:21

76.187.97.98:2222

82.178.63.31:443

174.52.64.212:443

Targets

    • Target

      Darlehensvertrag_42816504192_15052020.vbs

    • Size

      36.2MB

    • MD5

      e44fb6c9a050ae7ef4b55cce6a71cdcd

    • SHA1

      dd77b217e503fddaf28bb60b6e3280a692807976

    • SHA256

      c888b058cd85352ec803eb2a6e78bef567b844e9982176efbcd7074982a760de

    • SHA512

      9524cdd296cb89eb1cc8a160a62337a908990aa1e6d84b0e51c1827bec705331f458c0713d64cfe221a55ad32331db74a8e9ff4a356d6b2fb515b464e3804ab5

    Score
    10/10
    evasiontrojanbankerstealerqakbot

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Windows security bypass

      evasiontrojan

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Turns off Windows Defender SpyNet reporting

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Disabling Security Tools

2
T1089

Modify Registry

2
T1112

Credential Access

Discovery

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks