Overview

overview

10

Static

static

3

Run-Malware-1.bat

windows10-1703-x64

10

Run-Malware-1.bat

windows10-2004-x64

10

Run-Malware-1.bat

windows11-21h2-x64

10

Analysis

  • max time kernel
    1199s
  • max time network
    1195s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    26-04-2024 01:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Run-Malware-1.bat

  • Size

    64B

  • MD5

    4a5c0851841d5f1927ba79b7307a77f8

  • SHA1

    624765f7ddb16d57ba10b053d06c720d304c484a

  • SHA256

    0e4e4ad7098ea7deb02d5ffaa3e08c89e44fa7083caef8e7ddcf13fada1e2f9d

  • SHA512

    64773939e5545c896a82fbe1629e7eaa5592b1b99e28aacc28666f073b48c743376dd3a1be6d9cba70f9bf19cff72e5c77869def524bde4bf050c593d9ef3016

Score
10/10
qakbottchk081710958492bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Botnet

tchk08

Campaign

1710958492

C2

77.105.162.176:995

31.210.173.10:443

5.252.177.195:443
Attributes
  • camp_date

    2024-03-20 18:14:52 +0000 UTC

Signatures

  • Detect Qakbot Payload 56 IoCs
  • Qakbot/Qbot

    Qbot or Qakbot is a sophisticated worm with banking capabilities.

    trojanbankerstealerqakbot
  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 28 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Run-Malware-1.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1540
    • C:\Windows\system32\rundll32.exe
      rundll32.exe 02.dll,checkit
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4564
      • C:\Windows\System32\wermgr.exe
        C:\Windows\System32\wermgr.exe
        3⤵
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1904
        • C:\Windows\System32\ipconfig.exe
          ipconfig /all
          4⤵
          • Gathers network information
          PID:3712
        • C:\Windows\System32\whoami.exe
          whoami /all
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4396
        • C:\Windows\System32\nltest.exe
          nltest /domain_trusts /all_trusts
          4⤵
            PID:1824
          • C:\Windows\System32\qwinsta.exe
            qwinsta
            4⤵
              PID:1516
        • C:\Windows\system32\timeout.exe
          timeout /t 10
          2⤵
          • Delays execution with timeout.exe
          PID:4788
        • C:\Users\Admin\AppData\Local\Temp\qd_x86.exe
          qd_x86.exe -i
          2⤵
            PID:3616
        • C:\Windows\system32\msiexec.exe
          C:\Windows\system32\msiexec.exe /V
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4372

        Network

        MITRE ATT&CK Matrix ATT&CK v13

        Initial Access

        Execution

        Command and Scripting Interpreter

        1
        T1059

        Persistence

        Privilege Escalation

        Defense Evasion

        Credential Access

        Discovery

        System Information Discovery

        1
        T1082

        Lateral Movement

        Collection

        Exfiltration

        Command and Control

        Impact

        Resource Development

        Reconnaissance

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1904-46-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-67-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-82-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-81-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-52-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-80-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-79-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-78-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-77-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-12-0x0000020F4CA50000-0x0000020F4CA52000-memory.dmp
          Filesize

          8KB

          Download
        • memory/1904-13-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-76-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-75-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-21-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-74-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-23-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-24-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-35-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-36-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-37-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-39-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-38-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-40-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-41-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-53-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-43-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-44-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-45-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-72-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-71-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-42-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-54-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-56-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-57-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-58-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-59-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-60-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-61-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-62-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-63-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-64-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-65-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-66-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-70-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-68-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/1904-69-0x0000020F4CA20000-0x0000020F4CA4F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/4564-1-0x0000022F43150000-0x0000022F4317F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/4564-7-0x0000022F43180000-0x0000022F431AF000-memory.dmp
          Filesize

          188KB

          Download
        • memory/4564-4-0x0000022F43120000-0x0000022F4314D000-memory.dmp
          Filesize

          180KB

          Download
        • memory/4564-22-0x0000022F43180000-0x0000022F431AF000-memory.dmp
          Filesize

          188KB

          Download
        • memory/4564-20-0x0000022F43180000-0x0000022F431AF000-memory.dmp
          Filesize

          188KB

          Download
        • memory/4564-19-0x0000022F43180000-0x0000022F431AF000-memory.dmp
          Filesize

          188KB

          Download
        • memory/4564-10-0x0000022F43180000-0x0000022F431AF000-memory.dmp
          Filesize

          188KB

          Download
        • memory/4564-11-0x0000022F43180000-0x0000022F431AF000-memory.dmp
          Filesize

          188KB

          Download
        • memory/4564-9-0x0000022F43180000-0x0000022F431AF000-memory.dmp
          Filesize

          188KB

          Download
        • memory/4564-8-0x0000022F43180000-0x0000022F431AF000-memory.dmp
          Filesize

          188KB

          Download
        • memory/4564-6-0x0000022F43180000-0x0000022F431AF000-memory.dmp
          Filesize

          188KB

          Download
        • memory/4564-0-0x0000022F43120000-0x0000022F4314D000-memory.dmp
          Filesize

          180KB

          Download