General
Target: qbot.xlsm
Size: 196KB
Sample: 210513-ejk4laz9da
MD5: ae952edbe112bfdf041a56c122b46ce8
SHA1: 84186fa9143637631660e1e07bb52d9f185c802a
SHA256: 54526dc62ff67f8e2ab376741000d52f709c7391dd961f2c11742250c57a127b
SHA512: 33e1c29dbc5059a0cea328c514a5819b6bc42474f4d9da50207f011719961779221042597adc9caa30d36abc2ee90e85091ddcd3d77d19ca95d387b3105911af
Behavioral task: behavioral1
Sample: qbot.xlsm
Resource: win7v20210410
Behavioral task: behavioral2
Sample: qbot.xlsm
Resource: win10v20210410
Malware Config
Extracted
http://194.67.203.207/44329.5857111111.dat
http://185.82.217.23/44329.5857111111.dat
http://45.67.230.131/44329.5857111111.dat
Targets
Target: qbot.xlsm
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.