General

  • Target: update.bin
  • Size: 645KB
  • Sample: 191206-s2wazv1yle
  • MD5: a74234fff324ecde0028dd860ca0a935
  • SHA1: ac7e1a4eb12a7f39ad6334085eda68e125fe3523
  • SHA256: 983ea66816fa3e0a089be5ac33e8f3e2ff92b53e804389805fc591ea12cf09d0
  • SHA512: c2f8b3521a53142ecb20e49ad3bd5636d228973cad83afe89844e7bd2185f8d8e58b83024f1f16da2389abfecbaf05301a9de750c72ba50f9089b093266ee845

Malware Config

Extracted

  • Family: qakbot
  • Campaign: 1575272833
  • C2


Targets

    • Qakbot/Qbot: Qbot or Qakbot is a sophisticated worm with banking capabilities
    • Windows security bypass
    • Executes dropped EXE
    • Turn off Windows Defender SpyNet reporting
    • Loads dropped DLL
    • Windows security modification
    • Adds Run entry to start application
    • Checks system information in the registry: System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence
    Registry Run Keys / Startup Folder (T1060): 1
  • Defense Evasion
    Disabling Security Tools (T1089): 2
    Modify Registry (T1112): 3
  • Discovery
    Query Registry (T1012): 3
    System Information Discovery (T1082): 2
    Remote System Discovery (T1018): 1
    Peripheral Device Discovery (T1120): 1

Tasks