Overview

overview

10

Static

static

8

Document_1...py.xls

windows7_x64

1

Document_1...py.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Document_1028174287-Copy.xls

  • Size

    54KB

  • Sample

    201214-amarewlhk2

  • MD5

    08037f2bf6b8fe9ae8c245903af45729

  • SHA1

    2836aa101a02a284c6df9ed17bd092f25c34f80f

  • SHA256

    586bd4e1f5f41569b260ce6cc6b5243bee2209c35915d1a3050cf4196c6133eb

  • SHA512

    2e0ffec3933f66b623e2eded690497115f251036d282dc915721b61175164eeb0573a1c4706b1f84453c9286ff1b8c3f7a1756fdd41d532dcf8e9dc24c22dc1e

Score
10/10
qakbotabc1121607942962bankermacrostealertrojan

Malware Config

Extracted

Family

qakbot

Botnet

abc112

Campaign

1607942962

C2

66.26.160.37:443

84.78.128.76:2222

45.250.69.150:443

108.31.15.10:995

50.244.112.10:995

47.146.34.236:443

24.95.61.62:443

31.5.21.66:995

59.99.37.134:443

79.115.134.161:443

39.57.127.126:995

120.151.95.167:443

47.44.217.98:443

32.212.117.188:443

37.21.231.245:995

184.97.145.239:443

86.121.3.80:443

83.110.97.149:443

83.194.193.247:2222

78.101.158.1:61201

Targets

    • Target

      Document_1028174287-Copy.xls

    • Size

      54KB

    • MD5

      08037f2bf6b8fe9ae8c245903af45729

    • SHA1

      2836aa101a02a284c6df9ed17bd092f25c34f80f

    • SHA256

      586bd4e1f5f41569b260ce6cc6b5243bee2209c35915d1a3050cf4196c6133eb

    • SHA512

      2e0ffec3933f66b623e2eded690497115f251036d282dc915721b61175164eeb0573a1c4706b1f84453c9286ff1b8c3f7a1756fdd41d532dcf8e9dc24c22dc1e

    Score
    10/10
    qakbotabc1121607942962bankerstealertrojan

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

3
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks