Resubmissions

21-06-2021 09:37

210621-nq689ac5xj 10

General

  • Target

    idea-1185148338.xlsb

  • Size

    154KB

  • Sample

    210621-nq689ac5xj

  • MD5

    27afd3cad0af041319da0785152d6685

  • SHA1

    357b33d0b5b467989ca396d48e1ecaff06285dad

  • SHA256

    60ef890d93dd9257cc04fa7b9f90ffe4371b32ae099f72868b681bc70d700835

  • SHA512

    02113d53d035af49469cb4a4358f8661d24435d201b487637448c23dc345bf6d53e01eca77c22fcdf211764c74671c887e730e1ae0ea661bd6683ac3b56e1e76

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://ssmdevelopers.in/4RaxIGAPtfPM/yu.html

    https://ramblerimport.com/hz4UhluT5au/yu.html

Extracted

Family

qakbot

Version

402.115

Botnet

tr

Campaign

1623838126

C2

Targets

    • Target

      idea-1185148338.xlsb

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

  • Execution: Scheduled Task, T1053 (1)

  • Persistence: Scheduled Task, T1053 (1)

  • Privilege Escalation: Scheduled Task, T1053 (1)

  • Defense Evasion: Modify Registry, T1112 (1)

  • Discovery: Query Registry, T1012 (2); System Information Discovery, T1082 (2)