General

  • Target

    dasfdsfsdf (1).exe

  • Size

    1.0MB

  • Sample

    201109-anda4zrhtj

  • MD5

    a7c930732560445a040bf5534d87013e

  • SHA1

    585d7cbb0dd5ae9a166f94949d2ac815b02fbc88

  • SHA256

    053f8d5670c666f54c76fc8f3273ed916b1c323bc1a6c71a13f9f02a4746a061

  • SHA512

    d1ac91f1cacb695d11c7e5d12bd50112a5b1790feec83ef21bb2cb1be7fe6ff0692c1d13779f99eb2e9a6713e34d47704bcd5829e2afb68f66fd00ad7aeead18

Malware Config

Extracted

  • Family

    qakbot

  • Botnet

    spx139

  • Campaign

    1591962820

  • C2

    98.16.204.189:995
    88.158.199.95:443
    24.102.235.160:995
    96.18.240.158:443
    67.165.206.193:995
    81.103.144.77:443
    184.180.157.203:2222
    47.136.224.60:443
    104.221.4.11:2222
    203.33.138.230:443
    72.204.242.138:20
    75.137.239.211:443
    74.215.201.122:443
    41.228.201.162:443
    92.29.5.162:995
    108.30.125.94:443
    207.255.161.8:2078
    173.172.205.216:443
    68.134.181.98:443
    5.12.50.241:443

Targets

    • Target

      dasfdsfsdf (1).exe

    • Size

      1.0MB

    • MD5

      a7c930732560445a040bf5534d87013e

    • SHA1

      585d7cbb0dd5ae9a166f94949d2ac815b02fbc88

    • SHA256

      053f8d5670c666f54c76fc8f3273ed916b1c323bc1a6c71a13f9f02a4746a061

    • SHA512

      d1ac91f1cacb695d11c7e5d12bd50112a5b1790feec83ef21bb2cb1be7fe6ff0692c1d13779f99eb2e9a6713e34d47704bcd5829e2afb68f66fd00ad7aeead18

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Turns off Windows Defender SpyNet reporting

    • Windows security bypass

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    T1053 Scheduled Task (1)

  • Persistence

    T1053 Scheduled Task (1)

  • Privilege Escalation

    T1053 Scheduled Task (1)

  • Defense Evasion

    T1089 Disabling Security Tools (2)
    T1112 Modify Registry (2)

  • Discovery

    T1012 Query Registry (1)
    T1120 Peripheral Device Discovery (1)
    T1082 System Information Discovery (1)
    T1018 Remote System Discovery (1)

Tasks