General

  • Target

    catalog-2032366526.xls

  • Size

    367KB

  • Sample

    210512-xvelw76rqn

  • MD5

    090811fa4bbb26277eebc82843f3d70e

  • SHA1

    135d07236adba8e6441c72df1b7f2c459505583c

  • SHA256

    11dad18ad216bbbf97891c947ef3b70acd0c5a9a0ce80a9f5c4bcaecd7275164

  • SHA512

    469ec22e3b2e86bdc5f6d32e3e299ee69f0d12620c0f7486361f19258e7900b3892c8a5d2b1257bdd0188cbe5f9bae7e489dd3f4f17cd5cd81b69abdfa7738d0

Malware Config

  • Extracted

    Language: xlm4.0

    Source: xlm40.dropper
    URL: https://signifysystem.com/ceg7AX7oN0o/ue.html

    Source: xlm40.dropper
    URL: https://fcventasyservicios.cl/k60jvjcT/ue.html

  • Extracted

    Family: qakbot

    Version: 402.68

    Botnet: tr

    Campaign: 1619706851

    C2:
      24.117.107.120:443
      190.85.91.154:443
      72.252.201.69:443
      189.210.115.207:443
      71.41.184.10:3389
      81.97.154.100:443
      50.29.166.232:995
      140.82.49.12:443
      75.137.47.174:443
      71.74.12.34:443
      73.25.124.140:2222
      149.28.99.97:2222
      45.77.115.208:2222
      45.32.211.207:995
      207.246.116.237:443
      149.28.99.97:443
      207.246.77.75:443
      149.28.98.196:995
      207.246.116.237:2222
      45.77.115.208:8443

Targets

    • Target

      catalog-2032366526.xls

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                     Count  ID
  Execution             Scheduled Task                1      T1053
  Persistence           Scheduled Task                1      T1053
  Privilege Escalation  Scheduled Task                1      T1053
  Defense Evasion       Modify Registry               1      T1112
  Discovery             Query Registry                2      T1012
  Discovery             System Information Discovery  2      T1082

Tasks