[RE021] Qakbot analysis – Dangerous malware has been around for more than a decade
Common Information
UUID: 021ec1c8-a34d-405f-8016-843c13c36def
Fingerprint: 530047d968d4e3f6
Analysis status: DONE
Considered CTI value: 2
Text language:
Published: March 18, 2021, 10:53 p.m.
Added to db: Oct. 23, 2023, 12:22 a.m.
Last updated: Nov. 17, 2024, 6:55 p.m.
Headline: UNKNOWN
Title: [RE021] Qakbot analysis – Dangerous malware has been around for more than a decade
Detected Hints/Tags/Attributes: 88/3/243
Attributes (type, number of events)
Domain (47 events): www.malware-traffic-analysis.net
Domain (96 events): malpedia.caad.fkie.fraunhofer.de
Domain (911 events): any.run
Domain (425 events): isc.sans.edu
md5 (1 event): a7ba7bd69d41f3be1e69740c33c4fbf8
md5 (1 event): c0675c5d2bc7ccf59e50977dd71f28ec
md5 (1 event): 4279ff089ffdb4db21677b96a1364969
Url (1 event): https://www.malware-traffic-analysis.net/2021/02/24/index.html
Url (4 events): https://malpedia.caad.fkie.fraunhofer.de/details/win.qakbot
Url (1 event): https://any.run/malware-trends/qbot
Url (3 events): https://isc.sans.edu/forums/diary/emotet
Windows Registry Key (47 events): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run