General

  • Target: file
  • Size: 43KB
  • Sample: 201208-nwn7fc2dss
  • MD5: 596d8f44c22d0770acc34e6ae5ac1b62
  • SHA1: f007479e9ed2526a8c0f9d25251c0ea4a0568ca7
  • SHA256: 7e927e013a901b90ef8f96af25e39d4fedc6ba6f64785a3e8290a4c2bd2c5d51
  • SHA512: 964c5840b004283df7dd9c6fddb8a9ca88508d1acf798cd33b24f5f438fda6cf5508bc34972cf07c8eb5f9110cbc624d3848e839a2688829a4ddace8f33b92c4

Malware Config

Extracted

  • Family: qakbot
  • Botnet: abc108m
  • Campaign: 1607356318
  • C2


Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Loads dropped DLL

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (T1053), 1
  • Persistence: Scheduled Task (T1053), 1
  • Privilege Escalation: Scheduled Task (T1053), 1
  • Defense Evasion: Modify Registry (T1112), 1
  • Discovery: Query Registry (T1012), 2; System Information Discovery (T1082), 2

Tasks