Resubmissions

08-09-2022 20:37    220908-zemtlschgp    10
08-09-2022 18:56    220908-xleqgafcf5    10

General

  • Target

    Export474.lnk

  • Size

    2KB

  • Sample

    220908-xleqgafcf5

  • MD5

    e3bd2b8ab3b2aa72f21d6b1aea8dd4e0

  • SHA1

    279b748f40cc8377d63b630c756c60644e9be89e

  • SHA256

    77fe3b85503872e252ee98f49c1491d7dfc7cb3579ff3771bd7ad59f68c0dc60

  • SHA512

    6aea0405c1eb507611c9ee21ac0ba0b8c2a719653ee1b644e015608ee5d3dae6a706f9b328b26ff3961cd7b690a9dfe1e6f6e30405d78c11efa08711f59b55cb

Malware Config

Extracted

Family

qakbot

Version

403.860

Botnet

BB

Campaign

1662647912

C2

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic                Technique                      #   ID
Execution             Scheduled Task                 1   T1053
Persistence           Scheduled Task                 1   T1053
Privilege Escalation  Scheduled Task                 1   T1053
Discovery             Query Registry                 1   T1012
Discovery             System Information Discovery   2   T1082
Discovery             Remote System Discovery        1   T1018
