Overview

overview

10

Static

static

1

fda2abd247...92.exe

windows7-x64

10

fda2abd247...92.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-04-2024 13:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92.exe

  • Size

    1.3MB

  • MD5

    f9073d4ac3089ecc2c43b73b3818582e

  • SHA1

    38813f19e54d28055b2cc4d7030cf608ca5d4c5a

  • SHA256

    fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92

  • SHA512

    bc52575d876e84c7b9b92590dc9168785021da7ce9c53e81421b307cb6de157be3e88f19aee095b0ecc6bf57f7ed02da0df1198b71ba6c292ec37d3ad50b7d35

  • SSDEEP

    24576:bH4G8P8VYqjxxT6qZk1rFrXc0lLF5HskwGpLFg:cG8P8VcrlcwLXPpL6

Score
10/10
qakbotbmw011706268333bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Botnet

bmw01

Campaign

1706268333

C2

116.202.110.87:443

77.73.39.175:32103

185.156.172.62:443

185.117.90.142:6882
Attributes
  • camp_date

    2024-01-26 11:25:33 +0000 UTC

Signatures

  • Detect Qakbot Payload 26 IoCs
  • Qakbot/Qbot

    Qbot or Qakbot is a sophisticated worm with banking capabilities.

    trojanbankerstealerqakbot
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies registry class 10 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92.exe
    "C:\Users\Admin\AppData\Local\Temp\fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Users\Admin\AppData\Local\Temp\fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92.exe
      "C:\Users\Admin\AppData\Local\Temp\fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4360
      • C:\Windows\System32\wermgr.exe
        C:\Windows\System32\wermgr.exe
        3⤵
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        PID:4872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2548-10-0x0000000002030000-0x0000000002083000-memory.dmp
    Filesize

    332KB

    Download
  • memory/2548-3-0x0000000001FE0000-0x000000000202E000-memory.dmp
    Filesize

    312KB

    Download
  • memory/2548-4-0x0000000002030000-0x0000000002083000-memory.dmp
    Filesize

    332KB

    Download
  • memory/4360-6-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4360-9-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4360-12-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4360-11-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4360-7-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4360-14-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4360-5-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4360-8-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4360-1-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4360-0-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4360-13-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4360-2-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4360-26-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4360-23-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4360-15-0x0000000140000000-0x0000000140030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4872-17-0x000001F881B60000-0x000001F881B90000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4872-24-0x000001F881B60000-0x000001F881B90000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4872-16-0x000001F881B90000-0x000001F881B92000-memory.dmp
    Filesize

    8KB

    Download
  • memory/4872-28-0x000001F881B60000-0x000001F881B90000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4872-25-0x000001F881B60000-0x000001F881B90000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4872-37-0x000001F881B60000-0x000001F881B90000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4872-38-0x000001F881B60000-0x000001F881B90000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4872-40-0x000001F881B60000-0x000001F881B90000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4872-39-0x000001F881B60000-0x000001F881B90000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4872-41-0x000001F881B60000-0x000001F881B90000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4872-43-0x000001F881B60000-0x000001F881B90000-memory.dmp
    Filesize

    192KB

    Download