Overview

overview

10

Static

static

1

fda2abd247...92.exe

windows7-x64

10

fda2abd247...92.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-04-2024 13:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92.exe

  • Size

    1.3MB

  • MD5

    f9073d4ac3089ecc2c43b73b3818582e

  • SHA1

    38813f19e54d28055b2cc4d7030cf608ca5d4c5a

  • SHA256

    fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92

  • SHA512

    bc52575d876e84c7b9b92590dc9168785021da7ce9c53e81421b307cb6de157be3e88f19aee095b0ecc6bf57f7ed02da0df1198b71ba6c292ec37d3ad50b7d35

  • SSDEEP

    24576:bH4G8P8VYqjxxT6qZk1rFrXc0lLF5HskwGpLFg:cG8P8VcrlcwLXPpL6

Score
10/10
qakbotbmw011706268333bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Botnet

bmw01

Campaign

1706268333

C2

116.202.110.87:443

77.73.39.175:32103

185.156.172.62:443

185.117.90.142:6882
Attributes
  • camp_date

    2024-01-26 11:25:33 +0000 UTC

Signatures

  • Detect Qakbot Payload 26 IoCs
  • Qakbot/Qbot

    Qbot or Qakbot is a sophisticated worm with banking capabilities.

    trojanbankerstealerqakbot
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies registry class 10 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92.exe
    "C:\Users\Admin\AppData\Local\Temp\fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4144
    • C:\Users\Admin\AppData\Local\Temp\fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92.exe
      "C:\Users\Admin\AppData\Local\Temp\fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4868
      • C:\Windows\System32\wermgr.exe
        C:\Windows\System32\wermgr.exe
        3⤵
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        PID:908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/908-17-0x0000021DC6A90000-0x0000021DC6AC0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/908-43-0x0000021DC6A90000-0x0000021DC6AC0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/908-40-0x0000021DC6A90000-0x0000021DC6AC0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/908-39-0x0000021DC6A90000-0x0000021DC6AC0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/908-41-0x0000021DC6A90000-0x0000021DC6AC0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/908-38-0x0000021DC6A90000-0x0000021DC6AC0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/908-37-0x0000021DC6A90000-0x0000021DC6AC0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/908-24-0x0000021DC6A90000-0x0000021DC6AC0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/908-27-0x0000021DC6A90000-0x0000021DC6AC0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/908-25-0x0000021DC6A90000-0x0000021DC6AC0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/908-16-0x0000021DC6AC0000-0x0000021DC6AC2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/4144-4-0x0000000000510000-0x000000000055E000-memory.dmp
    Filesize

    312KB

    Download
  • memory/4144-10-0x0000000002040000-0x0000000002093000-memory.dmp
    Filesize

    332KB

    Download
  • memory/4144-6-0x0000000002040000-0x0000000002093000-memory.dmp
    Filesize

    332KB

    Download
  • memory/4868-11-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4868-0-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4868-12-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4868-8-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4868-26-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4868-9-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4868-14-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4868-23-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4868-15-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4868-3-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4868-5-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4868-7-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4868-13-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4868-2-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4868-1-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download