General

  • Target

    46747509_by_Libranalysis

  • Size

    367KB

  • Sample

    210512-s95kmamwbe

  • MD5

    46747509aca01f63274d3edfeddb787b

  • SHA1

    8bcb09a42a62453b9437915442ce981896cb4de7

  • SHA256

    00da3dfab496ea65873d53636db189ed7bd46f502386cb014876a75d71d6869b

  • SHA512

    490f689c0b47303a7fc96756347df946a953288dec82250503d5057cb35f1173f59b6125943dec8f9590fd3e31b9528dfeea0b258f1eedaeba52358e27702c7b

Malware Config

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper: https://signifysystem.com/ceg7AX7oN0o/ue.html
    xlm40.dropper: https://fcventasyservicios.cl/k60jvjcT/ue.html

Extracted

  • Family

    qakbot

  • Version

    402.68

  • Botnet

    tr

  • Campaign

    1619706851

  • C2

    24.117.107.120:443
    190.85.91.154:443
    72.252.201.69:443
    189.210.115.207:443
    71.41.184.10:3389
    81.97.154.100:443
    50.29.166.232:995
    140.82.49.12:443
    75.137.47.174:443
    71.74.12.34:443
    73.25.124.140:2222
    149.28.99.97:2222
    45.77.115.208:2222
    45.32.211.207:995
    207.246.116.237:443
    149.28.99.97:443
    207.246.77.75:443
    149.28.98.196:995
    207.246.116.237:2222
    45.77.115.208:8443

Targets

    • Target

      46747509_by_Libranalysis

    • Size

      367KB

    • MD5

      46747509aca01f63274d3edfeddb787b

    • SHA1

      8bcb09a42a62453b9437915442ce981896cb4de7

    • SHA256

      00da3dfab496ea65873d53636db189ed7bd46f502386cb014876a75d71d6869b

    • SHA512

      490f689c0b47303a7fc96756347df946a953288dec82250503d5057cb35f1173f59b6125943dec8f9590fd3e31b9528dfeea0b258f1eedaeba52358e27702c7b

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (1) - T1053

  • Persistence

    Scheduled Task (1) - T1053

  • Privilege Escalation

    Scheduled Task (1) - T1053

  • Defense Evasion

    Modify Registry (1) - T1112

  • Discovery

    Query Registry (2) - T1012
    System Information Discovery (2) - T1082

Tasks