General

  • Target

    projected (89).zip

  • Size

    271KB

  • Sample

    210218-4cx1dc1len

  • MD5

    e5dbf7fa07c8cb9e99f689db5c02f3a7

  • SHA1

    c6d0cb2f202fdf9852915169c35e72a2ff874d69

  • SHA256

    1be5e5956b4ff0ecedd0598bee4cbbeeb9600bab9e3e8c17d19611f3b2304df4

  • SHA512

    9b16bb62b2336db3ee30e87e2389a9058cea665d720e83d6866b9e292a382ca0ec77f59ce00b34a5c1b8a2934b0d46b07036c3887563f264d50a66452df8737f

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://intellectsmart.in/ds/1702.gif

Extracted

  • Family

    qakbot

  • Botnet

    tr

  • Campaign

    1613385567

  • C2

    78.63.226.32:443
    197.51.82.72:443
    193.248.221.184:2222
    95.77.223.148:443
    71.199.192.62:443
    77.211.30.202:995
    80.227.5.69:443
    77.27.204.204:995
    81.97.154.100:443
    173.184.119.153:995
    38.92.225.121:443
    81.150.181.168:2222
    90.65.236.181:2222
    83.110.103.152:443
    73.153.211.227:443
    188.25.63.105:443
    89.137.211.239:995
    202.188.138.162:443
    98.173.34.212:995
    87.202.87.210:2222

Targets

    • Target

      document-1635070073.xls

    • Size

      315KB

    • MD5

      02227147892dd637f55400d403db13c6

    • SHA1

      874754d9adfd6e885895ee22664158f4219206ce

    • SHA256

      9d4fb98c4a4a855be6c7c0834c13b1eb3fea3142f2b60f6d2115a4bdf5545381

    • SHA512

      09bf70306ad21a7e542128f92fe36f7fa84797ca26295bb410ad310c5f0be365daf95bca1515bb5ebb0cf093719d778c105623943bca2a767d8a8d0293bb824c

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (1) T1053

  • Persistence

    Scheduled Task (1) T1053

  • Privilege Escalation

    Scheduled Task (1) T1053

  • Defense Evasion

    Modify Registry (1) T1112

  • Discovery

    Query Registry (3) T1012
    Peripheral Device Discovery (1) T1120
    System Information Discovery (3) T1082

Tasks