General

  • Target

    93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f.msi

  • Size

    1.9MB

  • Sample

    240229-dnqe7sbh8t

  • MD5

    82b8bd90e500fb0bf878d6f430c5abec

  • SHA1

    f004c09428f2f18a145212a9e55eef3615858f9c

  • SHA256

    93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f

  • SHA512

    82b2e997bf5bc0d08ab8dd921aef3e8d620a61c26f86b6f481845ad694d7b97f65dfa42e1c18b83f0f827cad9df69a409b75d96793e5bd7124c26bc7cb07f881

  • SSDEEP

    49152:Ksjitd+vszAlozTy4g5r8+5eNBABxGNvXreD68f:rihTyfcXreO8f

Malware Config

Targets

    • Target

      93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f.msi

    • Size

      1.9MB

    • MD5

      82b8bd90e500fb0bf878d6f430c5abec

    • SHA1

      f004c09428f2f18a145212a9e55eef3615858f9c

    • SHA256

      93a98b919aec23411ae62dba8d0d22f939da45dec19db2b4e7293124d8f1507f

    • SHA512

      82b2e997bf5bc0d08ab8dd921aef3e8d620a61c26f86b6f481845ad694d7b97f65dfa42e1c18b83f0f827cad9df69a409b75d96793e5bd7124c26bc7cb07f881

    • SSDEEP

      49152:Ksjitd+vszAlozTy4g5r8+5eNBABxGNvXreD68f:rihTyfcXreO8f

    • Detect Qakbot Payload

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks