Overview

overview

10

Static

static

1

u2.bat

windows7-x64

1

u2.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    u2.bat

  • Size

    326B

  • Sample

    240418-brl6vafa56

  • MD5

    acaf01f83da439915027c3e2e900c8dd

  • SHA1

    2861b4e463fa89e05f2d7d629fae5140cef49843

  • SHA256

    3b3bd81232f517ba6d65c7838c205b301b0f27572fcfef9e5b86dd30a1d55a0d

  • SHA512

    dc33e9b7e2dde66a3793955899221513e1f7b156801f1cc56eb48ad5cbf2b8c4facf8ad33c5bd63e4ec607e95e8b909f4bc280aaca4e29f07883879ec97a3e61

Score
10/10
qakbottchk081710958492bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Botnet

tchk08

Campaign

1710958492

C2

77.105.162.176:995

31.210.173.10:443

5.252.177.195:443
Attributes
  • camp_date

    2024-03-20 18:14:52 +0000 UTC

Targets

    • Target

      u2.bat

    • Size

      326B

    • MD5

      acaf01f83da439915027c3e2e900c8dd

    • SHA1

      2861b4e463fa89e05f2d7d629fae5140cef49843

    • SHA256

      3b3bd81232f517ba6d65c7838c205b301b0f27572fcfef9e5b86dd30a1d55a0d

    • SHA512

      dc33e9b7e2dde66a3793955899221513e1f7b156801f1cc56eb48ad5cbf2b8c4facf8ad33c5bd63e4ec607e95e8b909f4bc280aaca4e29f07883879ec97a3e61

    Score
    10/10
    qakbottchk081710958492bankerstealertrojan

    • Detect Qakbot Payload

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks