General

  • Target

    quakbot_modified.xls

  • Size

    233KB

  • Sample

    230301-1kcfhahh3y

  • MD5

    ce044d6bb758a9828ebcf4edeb4b1673

  • SHA1

    1ac9e749d2d7cefa25be6414848dbc6bc4a45924

  • SHA256

    20d33b79e5c5fceee471966035b5d60d8b09e62b8024c34688c864c576d271ff

  • SHA512

    133b1be9d1507728580d10324ab4d743345ab97a7951a3e21f52f5e68e13680ba1e3a34b3d1060f199b3015db45da91e73b83eee68874cc59b14f2a9352ae1e5

  • SSDEEP

    3072:hTzlaz6kqB/EsWcXCJGbtyntvHGiYMnIOwKSIYFUQRLmTDBwszHbcOQafZDT9e:hzb5nRXCw+DnIdFUKmTDBwsz7c1yDI

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper: http://insomnihack.ch

    xlm40.dropper: http:

Targets

    • Target

      quakbot_modified.xls

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012)

    2

  • System Information Discovery (T1082)

    2

Tasks