ioc[.]one - OSINT Cyber Threat Intelligence Database

Qbot: A Deep Dive into the Banking Trojan

Tags

cmtmf-attack-pattern:	Process Injection
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Direct Model Botnet - T1583.005 Botnet - T1584.005 Exploits - T1587.004 Exploits - T1588.005 Hardware - T1592.001 Hooking - T1617 Malware - T1587.001 Malware - T1588.001 Mmc - T1218.014 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Process Injection - T1631 Python - T1059.006 Scheduled Task - T1053.005 Software - T1592.002 Tool - T1588.002 Graphical User Interface - T1061 Hooking - T1179 Powershell - T1086 Process Injection - T1055 Scheduled Task - T1053 Windows Management Instrumentation - T1047 Graphical User Interface Hooking

Show in Graph

Common Information

Type	Value
UUID	8b757aa8-b0b9-4282-99a0-02657db2a9c1
Fingerprint	aa0349542db516a1
Analysis status	DONE
Considered CTI value	0
Text language
Published	June 26, 2023, 4:59 p.m.
Added to db	June 26, 2023, 7:30 p.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Qbot: A Deep Dive into the Banking Trojan
Title	Qbot: A Deep Dive into the Banking Trojan
Detected Hints/Tags/Attributes	98/3/185

Source URLs

	Redirection	Url
Details	Source	https://medium.com/@farghly.mahmod66/qbot-static-analysis-d6e36a7020de?source=rss------malware-5

URL Provider

Details	Provider	Source level domain
Details	medium.com	medium.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	171	✔	Malware on Medium	https://medium.com/feed/tag/malware	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	2	pickap.io
Details	Domain	2	decons.vn
Details	Domain	2	econspiracy.se
Details	Domain	2	enlightened-education.com
Details	Domain	2	kslanrung.com
Details	Domain	48	pefile.pe
Details	Domain	13	section.name
Details	Domain	3	st29.ru
Details	Domain	3	restaurantbrighton.ru
Details	Domain	3	royalapartments.pl
Details	Domain	3	alergeny.dietapacjenta.pl
Details	Domain	3	egyorg.com
Details	File	5	b'.dat
Details	File	4	ivm-inject.dll
Details	File	83	sbiedll.dll
Details	File	17	artifact.exe
Details	File	11	vmnat.exe
Details	File	4	c:\hiberfil.sys
Details	File	5	aswhooka.dll
Details	File	6	aswhookx.dll
Details	File	165	reg.exe
Details	File	11	objwmiservice.exe
Details	File	155	cscript.exe
Details	File	2	%appdata%\microsoft\vhdktrbeex\qbot.exe
Details	File	142	wmiprvse.exe
Details	File	2	rege.exe
Details	File	1208	powershell.exe
Details	File	1	c:\users\hack\appdata\roaming\microsoft\zqtyjwtbony\nlpuzzcw.exe
Details	File	185	shell32.dll
Details	File	60	c:\windows\system32\schtasks.exe
Details	File	1	c:\users\username\desktop\qbotfortesting\qbot.bin
Details	File	312	calc.exe
Details	File	2125	cmd.exe
Details	File	76	ping.exe
Details	File	1	c:\window\system32\calc.exe
Details	File	1	c:\users\username\desktop\qbotfortesting\qbotfortesting_00820000.bin
Details	File	249	schtasks.exe
Details	File	1	nlpuzzcw.exe
Details	File	2	88888888.png
Details	sha256	2	f5ff6dbf5206cc2db098b41f5af14303f6dc43e36c5ec02604a50d5cfecf4790
Details	sha256	1	118fc3d93d6e34b8f1a817313e218a3a4f5baf996e03cd2be34e237b197fa0f3
Details	IPv4	1441	127.0.0.1
Details	IPv4	2	39.36.254.179
Details	IPv4	3	24.139.132.70
Details	IPv4	3	24.202.42.48
Details	IPv4	2	72.204.242.138
Details	IPv4	2	172.242.156.50
Details	IPv4	3	68.174.15.223
Details	IPv4	2	74.193.197.246
Details	IPv4	2	96.56.237.174
Details	IPv4	3	64.19.74.29
Details	IPv4	2	70.168.130.172
Details	IPv4	2	189.236.166.167
Details	IPv4	2	68.4.137.211
Details	IPv4	2	76.187.8.160
Details	IPv4	2	76.86.57.179
Details	IPv4	3	73.226.220.56
Details	IPv4	3	67.250.184.157
Details	IPv4	3	75.183.171.155
Details	IPv4	3	173.172.205.216
Details	IPv4	3	173.3.132.17
Details	IPv4	4	172.78.30.215
Details	IPv4	3	207.255.161.8
Details	IPv4	2	75.137.239.211
Details	IPv4	3	68.49.120.179
Details	IPv4	2	206.51.202.106
Details	IPv4	2	82.127.193.151
Details	IPv4	3	24.152.219.253
Details	IPv4	2	187.19.151.218
Details	IPv4	2	197.37.48.37
Details	IPv4	2	188.241.243.175
Details	IPv4	2	72.88.119.131
Details	IPv4	4	89.137.211.239
Details	IPv4	2	108.30.125.94
Details	IPv4	2	187.163.101.137
Details	IPv4	2	100.19.7.242
Details	IPv4	2	45.77.164.175
Details	IPv4	2	80.240.26.178
Details	IPv4	2	66.208.105.6
Details	IPv4	2	207.246.75.201
Details	IPv4	3	199.247.22.145
Details	IPv4	2	199.247.16.80
Details	IPv4	3	95.77.223.148
Details	IPv4	2	68.60.221.169
Details	IPv4	2	5.107.220.84
Details	IPv4	2	41.228.212.22
Details	IPv4	2	86.233.4.153
Details	IPv4	2	68.200.23.189
Details	IPv4	2	201.146.127.158
Details	IPv4	2	79.114.199.39
Details	IPv4	3	87.65.204.240
Details	IPv4	4	71.74.12.34
Details	IPv4	2	217.162.149.212
Details	IPv4	2	195.162.106.93
Details	IPv4	2	75.165.112.82
Details	IPv4	2	201.248.102.4
Details	IPv4	4	96.41.93.96
Details	IPv4	2	89.247.216.127
Details	IPv4	2	84.232.238.30
Details	IPv4	2	103.238.231.40
Details	IPv4	2	174.34.67.106
Details	IPv4	2	98.115.138.61
Details	IPv4	2	91.125.21.16
Details	IPv4	3	84.247.55.190
Details	IPv4	3	193.248.44.2
Details	IPv4	2	74.135.37.79
Details	IPv4	2	78.96.190.54
Details	IPv4	2	86.126.97.183
Details	IPv4	2	2.50.47.97
Details	IPv4	2	68.39.160.40
Details	IPv4	2	96.232.203.15
Details	IPv4	2	86.144.150.29
Details	IPv4	2	71.220.191.200
Details	IPv4	2	24.231.54.185
Details	IPv4	4	80.14.209.42
Details	IPv4	5	24.164.79.147
Details	IPv4	2	70.183.127.6
Details	IPv4	5	47.153.115.154
Details	IPv4	3	184.180.157.203
Details	IPv4	2	50.104.68.223
Details	IPv4	4	67.165.206.193
Details	IPv4	2	200.113.201.83
Details	IPv4	2	24.42.14.241
Details	IPv4	2	189.160.203.110
Details	IPv4	2	188.27.76.139
Details	IPv4	2	49.207.105.25
Details	IPv4	2	71.210.177.4
Details	IPv4	2	117.242.253.163
Details	IPv4	5	50.244.112.106
Details	IPv4	2	69.92.54.95
Details	IPv4	2	41.34.91.90
Details	IPv4	2	41.97.138.74
Details	IPv4	3	72.29.181.77
Details	IPv4	2	71.88.168.176
Details	IPv4	2	2.50.171.142
Details	IPv4	2	67.83.54.76
Details	IPv4	2	86.125.145.90
Details	IPv4	2	24.122.157.93
Details	IPv4	3	47.146.169.85
Details	IPv4	2	72.181.9.163
Details	IPv4	2	187.155.74.5
Details	IPv4	2	71.209.187.4
Details	IPv4	2	74.75.216.202
Details	IPv4	2	24.44.180.236
Details	IPv4	2	24.43.22.220
Details	IPv4	2	108.188.116.179
Details	IPv4	2	100.4.173.223
Details	IPv4	3	76.170.77.99
Details	IPv4	2	70.95.118.217
Details	IPv4	3	134.0.196.46
Details	IPv4	3	68.225.56.31
Details	IPv4	2	108.190.151.108
Details	IPv4	4	50.244.112.10
Details	IPv4	3	173.22.120.11
Details	IPv4	2	92.17.167.87
Details	IPv4	4	72.209.191.27
Details	IPv4	5	71.187.170.235
Details	IPv4	2	71.187.7.239
Details	IPv4	2	184.98.104.7
Details	IPv4	2	70.124.29.226
Details	IPv4	2	137.99.224.198
Details	IPv4	2	73.23.194.75
Details	IPv4	3	151.205.102.42
Details	IPv4	2	64.224.76.152
Details	IPv4	2	173.187.101.221
Details	IPv4	2	72.179.13.59
Details	IPv4	2	208.93.202.49
Details	IPv4	2	70.174.3.241
Details	IPv4	2	96.37.137.42
Details	IPv4	2	76.111.128.194
Details	IPv4	6	67.209.195.198
Details	IPv4	2	61.3.184.27
Details	IPv4	2	74.56.167.31
Details	IPv4	2	5.193.61.212
Details	IPv4	2	117.216.177.171
Details	Url	1	http://pickap.io/wp-content/uploads/2020/04/evolving/888888.png
Details	Url	1	http://decons.vn/wp-content/uploads/2020/04/evolving/888888.png
Details	Url	1	http://econspiracy.se/evolving/888888.png
Details	Url	1	http://enlightened-education.com/wpcontent/uploads/2020/04/evolving/888888.png
Details	Url	1	http://kslanrung.com/evolving/888888.png
Details	Url	2	http://st29.ru/tbzirttmcnmb/88888888.png
Details	Url	2	http://restaurantbrighton.ru/uyqcb/88888888.png
Details	Url	2	http://royalapartments.pl/vtjwwoqxaix/88888888.png
Details	Url	2	http://alergeny.dietapacjenta.pl/pgaakzs/88888888.png
Details	Url	2	http://egyorg.com/vxvipjfembb/88888888.png