document-1743692288.xls

Target

Size

88KB

Sample

210218-pnw1z6fjv2

Score

10 ^/10

MD5

fa1f35763e1c13386feca469dd16a22b

SHA1

1cbfc5e62e085bba8366cc077dfc91923a8ceefd

SHA256

c9def02fd0b90810e1ac5af1906e461c8c1a5534ee19b5b2ce7aac77f2943b54

SHA512

31619aeebfdd1247252a9e3881c4ba5824b82558af2a814b1fe90b67b4403950f94f9ab02d968d30477031648cbf90c520b95f58f8beffa47952994a1c3b38dc

qakbot tr 1613385567 banker macro stealer trojan xlm

Extracted

Language	xlm4.0
Source
URLs	https://miraclecollagen.co.za/ds/1802.gif xlm40.dropper https://miraclecollagen.co.za/ds/1802.gif

Extracted

Family	qakbot
Botnet	tr
Campaign	1613385567
C2	78.63.226.32:443 197.51.82.72:443 193.248.221.184:2222 95.77.223.148:443 71.199.192.62:443 77.211.30.202:995 80.227.5.69:443 77.27.204.204:995 81.97.154.100:443 173.184.119.153:995 38.92.225.121:443 81.150.181.168:2222 90.65.236.181:2222 83.110.103.152:443 73.153.211.227:443 188.25.63.105:443 89.137.211.239:995 202.188.138.162:443 98.173.34.212:995 87.202.87.210:2222 195.12.154.8:443 47.217.24.69:6881 182.48.193.200:443 108.160.123.244:443 96.57.188.174:2222 45.118.216.157:443 84.72.35.226:443 172.115.177.204:2222 86.236.77.68:2222 82.127.125.209:990 176.181.247.197:443 97.69.160.4:2222 90.101.117.122:2222 189.223.201.91:443 140.82.49.12:443 2.7.69.217:2222 83.110.12.140:2222 85.132.36.111:2222 197.45.110.165:995 149.28.99.97:995 45.63.107.192:2222 149.28.98.196:2222 149.28.99.97:2222 144.202.38.185:443 149.28.99.97:443 45.63.107.192:443 45.63.107.192:995 144.202.38.185:2222 149.28.101.90:995 149.28.101.90:2222 149.28.101.90:8443 45.32.211.207:8443 149.28.98.196:995 149.28.98.196:443 45.32.211.207:995 149.28.101.90:443 207.246.77.75:443 45.77.115.208:8443 207.246.77.75:995 207.246.77.75:2222 45.32.211.207:2222 45.32.211.207:443 45.77.115.208:995 144.202.38.185:995 45.77.115.208:2222 207.246.116.237:8443 207.246.116.237:2222 207.246.77.75:8443 207.246.116.237:995 207.246.116.237:443 45.77.117.108:443 45.77.117.108:995 45.77.117.108:8443 45.77.117.108:2222 45.77.115.208:443 89.3.198.238:443 2.232.253.79:995 73.25.124.140:2222 136.232.34.70:443 157.131.108.180:443 217.133.54.140:32100 195.43.173.70:443 86.98.93.124:2078 176.205.222.30:2078 105.96.8.96:443 50.29.166.232:995 27.223.92.142:995 119.153.62.76:3389 47.187.115.228:443 67.6.12.4:443 65.27.228.247:443 23.240.70.80:995 216.201.162.158:443 139.216.137.189:995 64.121.114.87:443 79.129.121.81:995 172.87.157.235:3389 75.118.1.141:443 75.136.26.147:443 96.250.60.138:443 50.244.112.106:443 115.133.243.6:443 47.196.192.184:443 45.46.53.140:2222 105.198.236.101:443 144.139.166.18:443 196.151.252.84:443 71.197.126.250:443 196.221.207.137:995 71.117.132.169:443 74.68.144.202:443 76.25.142.196:443 98.240.24.57:443 144.139.47.206:443 86.245.46.27:2222 173.21.10.71:2222 78.97.207.104:443 86.220.60.133:2222 69.245.102.225:443 94.53.92.42:443 71.74.12.34:443 84.247.55.190:8443 173.25.45.66:443 46.153.55.149:995 78.22.58.205:3389 105.198.236.99:443 24.152.219.253:995 82.76.47.211:443 189.223.234.23:995 96.37.113.36:993 47.187.74.181:443 50.25.89.74:443 174.104.31.209:443 199.19.117.131:443 201.143.235.13:443 189.146.183.105:443 181.48.190.78:443 189.223.97.175:443 47.22.148.6:443 173.70.165.101:995 74.222.204.82:995 75.67.192.125:443 32.210.98.6:443 106.51.52.111:443 59.90.246.200:443 70.49.88.199:2222 186.28.51.27:443 98.252.118.134:443 209.210.187.52:995 189.210.115.207:443 78.63.226.32:443 197.51.82.72:443 193.248.221.184:2222 95.77.223.148:443 71.199.192.62:443 77.211.30.202:995 80.227.5.69:443 77.27.204.204:995 81.97.154.100:443 173.184.119.153:995 38.92.225.121:443 81.150.181.168:2222 90.65.236.181:2222 83.110.103.152:443 73.153.211.227:443 188.25.63.105:443 89.137.211.239:995 202.188.138.162:443 98.173.34.212:995 87.202.87.210:2222 195.12.154.8:443 47.217.24.69:6881 182.48.193.200:443 108.160.123.244:443 96.57.188.174:2222 45.118.216.157:443 84.72.35.226:443 172.115.177.204:2222 86.236.77.68:2222 82.127.125.209:990 176.181.247.197:443 97.69.160.4:2222 90.101.117.122:2222 189.223.201.91:443 140.82.49.12:443 2.7.69.217:2222 83.110.12.140:2222 85.132.36.111:2222 197.45.110.165:995 149.28.99.97:995 45.63.107.192:2222 149.28.98.196:2222 149.28.99.97:2222 144.202.38.185:443 149.28.99.97:443 45.63.107.192:443 45.63.107.192:995 144.202.38.185:2222 149.28.101.90:995 149.28.101.90:2222 149.28.101.90:8443 45.32.211.207:8443 149.28.98.196:995 149.28.98.196:443 45.32.211.207:995 149.28.101.90:443 207.246.77.75:443 45.77.115.208:8443 207.246.77.75:995 207.246.77.75:2222 45.32.211.207:2222 45.32.211.207:443 45.77.115.208:995 144.202.38.185:995 45.77.115.208:2222 207.246.116.237:8443 207.246.116.237:2222 207.246.77.75:8443 207.246.116.237:995 207.246.116.237:443 45.77.117.108:443 45.77.117.108:995 45.77.117.108:8443 45.77.117.108:2222 45.77.115.208:443 89.3.198.238:443 2.232.253.79:995 73.25.124.140:2222 136.232.34.70:443 157.131.108.180:443 217.133.54.140:32100 195.43.173.70:443 86.98.93.124:2078 176.205.222.30:2078 105.96.8.96:443 50.29.166.232:995 27.223.92.142:995 119.153.62.76:3389 47.187.115.228:443 67.6.12.4:443 65.27.228.247:443 23.240.70.80:995 216.201.162.158:443 139.216.137.189:995 64.121.114.87:443 79.129.121.81:995 172.87.157.235:3389 75.118.1.141:443 75.136.26.147:443 96.250.60.138:443 50.244.112.106:443 115.133.243.6:443 47.196.192.184:443 45.46.53.140:2222 105.198.236.101:443 144.139.166.18:443 196.151.252.84:443 71.197.126.250:443 196.221.207.137:995 71.117.132.169:443 74.68.144.202:443 76.25.142.196:443 98.240.24.57:443 144.139.47.206:443 86.245.46.27:2222 173.21.10.71:2222 78.97.207.104:443 86.220.60.133:2222 69.245.102.225:443 94.53.92.42:443 71.74.12.34:443 84.247.55.190:8443 173.25.45.66:443 46.153.55.149:995 78.22.58.205:3389 105.198.236.99:443 24.152.219.253:995 82.76.47.211:443 189.223.234.23:995 96.37.113.36:993 47.187.74.181:443 50.25.89.74:443 174.104.31.209:443 199.19.117.131:443 201.143.235.13:443 189.146.183.105:443 181.48.190.78:443 189.223.97.175:443 47.22.148.6:443 173.70.165.101:995 74.222.204.82:995 75.67.192.125:443 32.210.98.6:443 106.51.52.111:443 59.90.246.200:443 70.49.88.199:2222 186.28.51.27:443 98.252.118.134:443 209.210.187.52:995 189.210.115.207:443

Target

document-1743692288.xls

MD5

fa1f35763e1c13386feca469dd16a22b

Filesize

88KB

Score

10 ^/10

SHA1

1cbfc5e62e085bba8366cc077dfc91923a8ceefd

SHA256

c9def02fd0b90810e1ac5af1906e461c8c1a5534ee19b5b2ce7aac77f2943b54

SHA512

31619aeebfdd1247252a9e3881c4ba5824b82558af2a814b1fe90b67b4403950f94f9ab02d968d30477031648cbf90c520b95f58f8beffa47952994a1c3b38dc

Signatures

Process spawned unexpected child process

Description

This typically indicates the parent process was compromised via an exploit or macro.
Qakbot/Qbot

Description

Qbot or Qakbot is a sophisticated worm with banking capabilities.

Tags

trojan banker stealer qakbot
Loads dropped DLL

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Scheduled Task

Privilege Escalation

static1

macro xlm

8^/10

behavioral1

qakbot tr 1613385567 banker stealer trojan

10^/10

behavioral2

qakbot tr 1613385567 banker stealer trojan

10^/10

Extracted

Extracted

Tags

Signatures

Process spawned unexpected child process

Description

Qakbot/Qbot

Description

Tags

Loads dropped DLL

Related Tasks

static1

behavioral1

behavioral2