qakbot | c9def02fd0b90810e1ac5af1906e461c8c1a5534ee19b5b2ce7aac77f2943b54 | Triage

Sharing

General

Target

document-1743692288.xls
Size

88KB
Sample

210218-pnw1z6fjv2
MD5

fa1f35763e1c13386feca469dd16a22b
SHA1

1cbfc5e62e085bba8366cc077dfc91923a8ceefd
SHA256

c9def02fd0b90810e1ac5af1906e461c8c1a5534ee19b5b2ce7aac77f2943b54
SHA512

31619aeebfdd1247252a9e3881c4ba5824b82558af2a814b1fe90b67b4403950f94f9ab02d968d30477031648cbf90c520b95f58f8beffa47952994a1c3b38dc

Score

10^/10

qakbot tr 1613385567 banker macro stealer trojan xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://miraclecollagen.co.za/ds/1802.gif

Extracted

Family

qakbot

Botnet

tr

Campaign

1613385567

C2

78.63.226.32:443

197.51.82.72:443

193.248.221.184:2222

95.77.223.148:443

71.199.192.62:443

77.211.30.202:995

80.227.5.69:443

77.27.204.204:995

81.97.154.100:443

173.184.119.153:995

38.92.225.121:443

81.150.181.168:2222

90.65.236.181:2222

83.110.103.152:443

73.153.211.227:443

188.25.63.105:443

89.137.211.239:995

202.188.138.162:443

98.173.34.212:995

87.202.87.210:2222

Targets

- Target
  
  document-1743692288.xls
- Size
  
  88KB
- MD5
  
  fa1f35763e1c13386feca469dd16a22b
- SHA1
  
  1cbfc5e62e085bba8366cc077dfc91923a8ceefd
- SHA256
  
  c9def02fd0b90810e1ac5af1906e461c8c1a5534ee19b5b2ce7aac77f2943b54
- SHA512
  
  31619aeebfdd1247252a9e3881c4ba5824b82558af2a814b1fe90b67b4403950f94f9ab02d968d30477031648cbf90c520b95f58f8beffa47952994a1c3b38dc
Score

10^/10

qakbot tr 1613385567 banker stealer trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbottr1613385567bankerstealertrojan

behavioral2

qakbottr1613385567bankerstealertrojan