Resubmissions

15-07-2022 15:01    220715-sd2g2sbeg4    10

13-07-2022 23:35    220713-3kzl5sfee4    10

General

  • Target

    362e56855844fb2be3dfae4b566ab676f6ec681fad1c1a2e8eb6d245d56b83f5

  • Size

    676KB

  • Sample

    220715-sd2g2sbeg4

  • MD5

    a0d132cdc67c29abf79ecf455c4a4e25

  • SHA1

    2b278de35e52d695b27e1c880d35db04daa982bf

  • SHA256

    362e56855844fb2be3dfae4b566ab676f6ec681fad1c1a2e8eb6d245d56b83f5

  • SHA512

    645d2e3a168667de44d04756f48fe1d7d6581efc0755dccd72f6e09e603300783777b3b3376bb0d2bfab4c1ad3d239845eb606acffc3ea4ea4261d451c427ddf

Malware Config

Extracted

Family: qakbot

Version: 403.780

Botnet: vip01

Campaign: 1657721813

C2 (IP:port):

67.209.195.198:443

63.143.92.99:995

148.64.96.100:443

72.252.157.93:990

72.252.157.93:995

89.101.97.139:443

76.25.142.196:443

47.180.172.159:443

67.165.206.193:993

32.221.224.140:995

70.46.220.114:443

176.45.218.138:995

174.69.215.101:443

24.54.48.11:443

86.97.10.37:443

81.158.239.251:2078

37.34.253.233:443

120.150.218.241:995

186.90.153.162:2222

38.70.253.226:2222

Attributes

  • salt

    jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

    • Target

      362e56855844fb2be3dfae4b566ab676f6ec681fad1c1a2e8eb6d245d56b83f5

    • Size

      676KB

    • MD5

      a0d132cdc67c29abf79ecf455c4a4e25

    • SHA1

      2b278de35e52d695b27e1c880d35db04daa982bf

    • SHA256

      362e56855844fb2be3dfae4b566ab676f6ec681fad1c1a2e8eb6d245d56b83f5

    • SHA512

      645d2e3a168667de44d04756f48fe1d7d6581efc0755dccd72f6e09e603300783777b3b3376bb0d2bfab4c1ad3d239845eb606acffc3ea4ea4261d451c427ddf

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic / Technique / Signature count / Technique ID

  • Execution: Scheduled Task (1) T1053

  • Persistence: Scheduled Task (1) T1053

  • Privilege Escalation: Scheduled Task (1) T1053

  • Discovery: Query Registry (3) T1012

  • Discovery: Peripheral Device Discovery (2) T1120

  • Discovery: System Information Discovery (3) T1082

Tasks