General

  • Target: information (93).xls
  • Size: 320KB
  • Sample: 210204-le9t3vs4gj
  • MD5: 3cc237fd87987968d9830a125b9f8ded
  • SHA1: 3c57c67646bfcf338b04192d7043357ddb4d72b1
  • SHA256: 2f50dc749600c23ef5faa7c5a4598047575cc6d3bd379afa49ba7b1272be8561
  • SHA512: 32747880798621c71cb146047ceb971623bbc13267aae38a158c7548b80c9ec61cdeadbc3c9ddfbfd888011f2b973b2bbec45037251bfd67c0f4a8b7c3e866a2

Malware Config

Extracted

  • Family: qakbot
  • Botnet: tr
  • Campaign: 1612175155
  • C2:


Targets


    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                     #  ID
  Execution             Scheduled Task                1  T1053
  Persistence           Scheduled Task                1  T1053
  Privilege Escalation  Scheduled Task                1  T1053
  Discovery             Query Registry                3  T1012
  Discovery             Peripheral Device Discovery   1  T1120
  Discovery             System Information Discovery  3  T1082

Tasks