Overview

overview

10

Static

static

8

quakbot_fi...d.xlsb

windows7-x64

10

quakbot_fi...d.xlsb

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    quakbot_final_unprotected_modified.xlsb

  • Size

    232KB

  • Sample

    230305-xnhj5sgf5x

  • MD5

    322ff8c05e66a73cc08d5b6c42516688

  • SHA1

    6055b6a8e199148210fd89dda63c2fd370da05d0

  • SHA256

    ca9942948788e3ee645cab81b10713bc8f5a051bd00e6eb9be717b38d0a199ca

  • SHA512

    da9c5ef7a0a8db1beac329b98f0e1befa420558e932ee781975b1e1c96af955e3ff1c8e5f46b75557136a106ca2f43bce50d090a565f73507bf34f3b2b756af2

  • SSDEEP

    3072:16wcOaz6kqB/EsWcXCJGbtyntvHGiYMnIOwKSIYFUQRLmTDBwszHbcOQafZD2dd:16wh5nRXCw+DnIdFUKmTDBwsz7c1yDQd

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Target

      quakbot_final_unprotected_modified.xlsb

    • Size

      232KB

    • MD5

      322ff8c05e66a73cc08d5b6c42516688

    • SHA1

      6055b6a8e199148210fd89dda63c2fd370da05d0

    • SHA256

      ca9942948788e3ee645cab81b10713bc8f5a051bd00e6eb9be717b38d0a199ca

    • SHA512

      da9c5ef7a0a8db1beac329b98f0e1befa420558e932ee781975b1e1c96af955e3ff1c8e5f46b75557136a106ca2f43bce50d090a565f73507bf34f3b2b756af2

    • SSDEEP

      3072:16wcOaz6kqB/EsWcXCJGbtyntvHGiYMnIOwKSIYFUQRLmTDBwszHbcOQafZD2dd:16wh5nRXCw+DnIdFUKmTDBwsz7c1yDQd

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks