Overview

overview

10

Static

static

1

fda2abd247...92.exe

windows7-x64

10

fda2abd247...92.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-04-2024 10:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92.exe

  • Size

    1.3MB

  • MD5

    f9073d4ac3089ecc2c43b73b3818582e

  • SHA1

    38813f19e54d28055b2cc4d7030cf608ca5d4c5a

  • SHA256

    fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92

  • SHA512

    bc52575d876e84c7b9b92590dc9168785021da7ce9c53e81421b307cb6de157be3e88f19aee095b0ecc6bf57f7ed02da0df1198b71ba6c292ec37d3ad50b7d35

  • SSDEEP

    24576:bH4G8P8VYqjxxT6qZk1rFrXc0lLF5HskwGpLFg:cG8P8VcrlcwLXPpL6

Score
10/10
qakbotbmw011706268333bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Botnet

bmw01

Campaign

1706268333

C2

116.202.110.87:443

77.73.39.175:32103

185.156.172.62:443

185.117.90.142:6882
Attributes
  • camp_date

    2024-01-26 11:25:33 +0000 UTC

Signatures

  • Detect Qakbot Payload 26 IoCs
  • Qakbot/Qbot

    Qbot or Qakbot is a sophisticated worm with banking capabilities.

    trojanbankerstealerqakbot
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies registry class 10 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92.exe
    "C:\Users\Admin\AppData\Local\Temp\fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:972
    • C:\Users\Admin\AppData\Local\Temp\fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92.exe
      "C:\Users\Admin\AppData\Local\Temp\fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4008
      • C:\Windows\System32\wermgr.exe
        C:\Windows\System32\wermgr.exe
        3⤵
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        PID:540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/540-39-0x000001C27D7B0000-0x000001C27D7E0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/540-27-0x000001C27D7B0000-0x000001C27D7E0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/540-16-0x000001C27D7E0000-0x000001C27D7E2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/540-41-0x000001C27D7B0000-0x000001C27D7E0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/540-40-0x000001C27D7B0000-0x000001C27D7E0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/540-38-0x000001C27D7B0000-0x000001C27D7E0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/540-43-0x000001C27D7B0000-0x000001C27D7E0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/540-17-0x000001C27D7B0000-0x000001C27D7E0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/540-24-0x000001C27D7B0000-0x000001C27D7E0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/540-25-0x000001C27D7B0000-0x000001C27D7E0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/540-37-0x000001C27D7B0000-0x000001C27D7E0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/972-9-0x0000000002020000-0x0000000002073000-memory.dmp
    Filesize

    332KB

    Download
  • memory/972-0-0x0000000001FD0000-0x000000000201E000-memory.dmp
    Filesize

    312KB

    Download
  • memory/972-2-0x0000000002020000-0x0000000002073000-memory.dmp
    Filesize

    332KB

    Download
  • memory/4008-14-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4008-26-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4008-13-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4008-11-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4008-23-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4008-12-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4008-10-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4008-15-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4008-8-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4008-7-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4008-5-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4008-4-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4008-6-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4008-3-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4008-1-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download