qakbot | 871371ff7eb668d8281e8a01af78e4f037f5204311e996b7a133e0d5c51a612e | Triage

Resubmissions

15-09-2020 08:19

200915-2p9e2smpvs 10

18-02-2020 20:06

200218-tmyfj5xvw6 10

Sharing

General

Target

444444.exe
Size

340KB
Sample

200218-tmyfj5xvw6
MD5

36af3d937d99c46cd829957af7f37886
SHA1

6901f63c7339374c0c1b499f593b0a7520c2e266
SHA256

871371ff7eb668d8281e8a01af78e4f037f5204311e996b7a133e0d5c51a612e
SHA512

2cf1464e7fe0645dbc2b9b6e0b158c512ffc8fa9d3b1ba5f10fdefdd3674d69a5a36c7be74b9468d6af9a62972728b13f62e43c3ccb7386e5c415d5d05608e5d

Score

10^/10

qakbot banker evasion persistence stealer trojan

Malware Config

Targets

- Target
  
  444444.exe
- Size
  
  340KB
- MD5
  
  36af3d937d99c46cd829957af7f37886
- SHA1
  
  6901f63c7339374c0c1b499f593b0a7520c2e266
- SHA256
  
  871371ff7eb668d8281e8a01af78e4f037f5204311e996b7a133e0d5c51a612e
- SHA512
  
  2cf1464e7fe0645dbc2b9b6e0b158c512ffc8fa9d3b1ba5f10fdefdd3674d69a5a36c7be74b9468d6af9a62972728b13f62e43c3ccb7386e5c415d5d05608e5d
Score

10^/10

evasion trojan banker stealer qakbot persistence
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Turns off Windows Defender SpyNet reporting
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run entry to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasiontrojanbankerstealerqakbotpersistence

behavioral2

evasiontrojanpersistencebankerstealerqakbot