Overview

overview

10

Static

static

JVC_47247.vbs

windows7_x64

8

JVC_47247.vbs

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JVC_47247.vbs

  • Size

    4.3MB

  • Sample

    200218-vc9h7wmb6n

  • MD5

    2e5d0c5ceac5c6111a9ec881f7e4f3f4

  • SHA1

    ba8a9af53583a01a0c4c49bf827a3433c203a983

  • SHA256

    78f357f61ed20344d27a1323e6a5a87e2f9ac140064d7e57a77d195e599f6e4b

  • SHA512

    1097085efc7bb40e55c1095b7b5c4ed3aecb9ab7d803cc91e9e042efee2cecc896643823ed0ade4017a228805ce5ed11881506d3742fc89ed72e9b05acd32745

Score
10/10
qakbotbankerstealertrojan

Malware Config

Targets

    • Target

      JVC_47247.vbs

    • Size

      4.3MB

    • MD5

      2e5d0c5ceac5c6111a9ec881f7e4f3f4

    • SHA1

      ba8a9af53583a01a0c4c49bf827a3433c203a983

    • SHA256

      78f357f61ed20344d27a1323e6a5a87e2f9ac140064d7e57a77d195e599f6e4b

    • SHA512

      1097085efc7bb40e55c1095b7b5c4ed3aecb9ab7d803cc91e9e042efee2cecc896643823ed0ade4017a228805ce5ed11881506d3742fc89ed72e9b05acd32745

    Score
    10/10
    trojanbankerstealerqakbot

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks