Resubmissions

15-09-2020 08:19

200915-2p9e2smpvs 10

18-02-2020 20:06

200218-tmyfj5xvw6 10

General

  • Target

    444444.exe

  • Size

    340KB

  • Sample

    200915-2p9e2smpvs

  • MD5

    36af3d937d99c46cd829957af7f37886

  • SHA1

    6901f63c7339374c0c1b499f593b0a7520c2e266

  • SHA256

    871371ff7eb668d8281e8a01af78e4f037f5204311e996b7a133e0d5c51a612e

  • SHA512

    2cf1464e7fe0645dbc2b9b6e0b158c512ffc8fa9d3b1ba5f10fdefdd3674d69a5a36c7be74b9468d6af9a62972728b13f62e43c3ccb7386e5c415d5d05608e5d

Malware Config

Extracted

Family

qakbot

Botnet

spx60

Campaign

1580735907

C2


Targets

    • Target

      444444.exe


    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Execution

  • Scheduled Task (T1053): 1

Persistence

  • Registry Run Keys / Startup Folder (T1060): 1

  • Scheduled Task (T1053): 1

Privilege Escalation

  • Scheduled Task (T1053): 1

Defense Evasion

  • Modify Registry (T1112): 1