General

  • Target

    1PEBef6q5Jo-31L8okUaLSOOpNlMj3LJIwqbzkX3q1U.bin

  • Size

    1KB

  • Sample

    220908-xmbp7sfcf7

  • MD5

    bc46eac659288033284542651f6aaf69

  • SHA1

    2af939641cc8bd3c4d5379bdbf93ae36648c1e4e

  • SHA256

    d4f10179feaae49a3fdf52fca2451a2d238ea4d94c8f72c9230a9bce45f7ab55

  • SHA512

    03a99fa3eb5f60f6ec46e3b05df89b7d33b34a404cbf213154b1265bee1a4cbe3c798b07768bf003bd7de0b9c6460f1b4a235eed93af06d8fec6bafabfb3266e

Malware Config

Extracted

  • Family

    qakbot

  • Version

    403.860

  • Botnet

    BB

  • Campaign

    1662647912

  • C2


Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      doc/Valid155.lnk

    • Size

      2KB

    • MD5

      41c12342c2571e0030be5e2d167a836e

    • SHA1

      a54d3181fddc3ab15cb482865a255a74052c4e56

    • SHA256

      2b692ca392558fca23f219383cc7c23c4b3dca641a3e49c9b48f096df091273e

    • SHA512

      4aeb1575dd294455b9f585b618ce7d3526e771a5fc98ea22b3231c5cc253e9f3bd2e0adfc4aefe4f566d62955f2cfe565ea5099f19bea6b908490f2ec7d8a42e

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Execution

  • Scheduled Task (1): T1053

Persistence

  • Scheduled Task (1): T1053

Privilege Escalation

  • Scheduled Task (1): T1053

Discovery

  • Query Registry (1): T1012

  • System Information Discovery (2): T1082

  • Remote System Discovery (1): T1018

Tasks