General

  • Target

    88888888

  • Size

    1.2MB

  • Sample

    201109-n41s6xjqqa

  • MD5

    086a4a65d3ea48a2e4e069ae1002335b

  • SHA1

    ae0751887692ce6537f05c37dbe811eaa2f56a75

  • SHA256

    f392fec11d15f4c5ca3f5c340c28e99bd19f99d59422b5598fd818be653502bb

  • SHA512

    1655b6bd0b9a6047f6ba60fab8c37515b70b2b039129033ad3452cadeb6f4b05bf7b750ba7e39392b53daf4cb145ab9fdee863dc981c5121dafa3564dcb847bc

Malware Config

Extracted

Family

qakbot

Botnet

spx137

Campaign

1591786935

C2

31.5.116.167:443

69.40.17.142:443

151.73.124.242:443

193.248.44.2:2222

188.26.249.181:443

96.41.93.96:443

46.214.86.217:443

62.121.123.57:443

66.76.105.152:443

197.165.229.113:443

173.175.29.210:443

172.242.156.50:995

5.15.237.243:443

80.240.26.178:443

209.59.86.138:443

31.5.21.66:443

105.100.59.144:443

108.30.125.94:443

67.250.184.157:443

47.146.169.85:443

Targets

    • Target

      88888888

    • Size

      1.2MB

    • MD5

      086a4a65d3ea48a2e4e069ae1002335b

    • SHA1

      ae0751887692ce6537f05c37dbe811eaa2f56a75

    • SHA256

      f392fec11d15f4c5ca3f5c340c28e99bd19f99d59422b5598fd818be653502bb

    • SHA512

      1655b6bd0b9a6047f6ba60fab8c37515b70b2b039129033ad3452cadeb6f4b05bf7b750ba7e39392b53daf4cb145ab9fdee863dc981c5121dafa3564dcb847bc

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Turns off Windows Defender SpyNet reporting

    • Windows security bypass

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

  Tactic                Technique                       Count  ID
  Execution             Scheduled Task                  1      T1053
  Persistence           Scheduled Task                  1      T1053
  Privilege Escalation  Scheduled Task                  1      T1053
  Defense Evasion       Disabling Security Tools        2      T1089
  Defense Evasion       Modify Registry                 2      T1112
  Discovery             Query Registry                  1      T1012
  Discovery             Peripheral Device Discovery     1      T1120
  Discovery             System Information Discovery    1      T1082
  Discovery             Remote System Discovery         1      T1018

Tasks