Overview

overview

10

Static

static

3

Run-Malware-1.bat

windows10-1703-x64

10

Run-Malware-1.bat

windows10-2004-x64

10

Run-Malware-1.bat

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Malware-1.zip

  • Size

    1.9MB

  • Sample

    240426-b3eadaha51

  • MD5

    d640e9fdff24f5416fe64caa83ced813

  • SHA1

    cdeca238a2507e9b0ca307cd3774512ed5a02096

  • SHA256

    d832c8f49706ff93871a111be8fb280caedbad5b368f801dd720c7786f872e86

  • SHA512

    322062336e9c02ee5062632294b127a601628aaf6de40a18003f45aa3af95fe3c34046734b56b3af2177fbd64f4f2d5fa49521bf737cb520e24d6c7dac51e6f5

  • SSDEEP

    49152:+1bV6svOlB8cvjptfO3eQ8Me1oRTPIGR4fmrDcxsTxn:KvvO7vz0eQ8MOirMmPAe

Score
10/10
qakbottchk081710958492bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Botnet

tchk08

Campaign

1710958492

C2

77.105.162.176:995

31.210.173.10:443

5.252.177.195:443
Attributes
  • camp_date

    2024-03-20 18:14:52 +0000 UTC

Targets

    • Target

      Run-Malware-1.bat

    • Size

      64B

    • MD5

      4a5c0851841d5f1927ba79b7307a77f8

    • SHA1

      624765f7ddb16d57ba10b053d06c720d304c484a

    • SHA256

      0e4e4ad7098ea7deb02d5ffaa3e08c89e44fa7083caef8e7ddcf13fada1e2f9d

    • SHA512

      64773939e5545c896a82fbe1629e7eaa5592b1b99e28aacc28666f073b48c743376dd3a1be6d9cba70f9bf19cff72e5c77869def524bde4bf050c593d9ef3016

    Score
    10/10
    qakbottchk081710958492bankerstealertrojan

    • Detect Qakbot Payload

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot
    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks