
Rewterz Threat Alert – Active QakBot Malspam Activity

December 16, 2020

Severity

High

Analysis Summary

QakBot is financial malware known to target businesses in order to drain their online banking accounts. The malware has worm capabilities that let it self-replicate through shared drives and removable media, and it uses powerful information-stealing features to spy on users’ banking activity and eventually defraud them of large sums of money. QakBot is modular, multithreaded malware whose components implement online banking credential theft, a backdoor, a SOCKS proxy, extensive anti-research capabilities and the ability to subvert antivirus (AV) tools. Beyond its evasion techniques, the current QakBot variant can, given admin privileges, disable security software running on the endpoint.

Impact

  • Credential Theft
  • Unauthorized Access
  • Theft of banking information
  • Unauthorized Code Execution
  • Information theft

Indicators of Compromise


Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
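The "search for IOCs" step above usually means checking file hashes on hosts against the advisory's MD5, SHA-1 and SHA-256 indicators. The following is an added example, not part of the Rewterz advisory: it normalises indicator lines copied from an advisory, hashes every file under a directory once for all three algorithms, and reports matches; the sample directory and file content it builds are constructed test data, not real QakBot artifacts.

```python
import hashlib
import os
import tempfile
from pathlib import Path

HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}  # hex-digest length -> algorithm

def load_iocs(lines):
    """Turn advisory-style indicator lines into {algorithm: set(hexdigest)}.
    Bullets, whitespace and case are normalised; non-hash lines are skipped."""
    iocs = {"md5": set(), "sha1": set(), "sha256": set()}
    for line in lines:
        value = line.strip().lstrip("•-* ").strip().lower()
        if value and all(c in "0123456789abcdef" for c in value):
            algo = HASH_LENGTHS.get(len(value))
            if algo:
                iocs[algo].add(value)
    return iocs

def hash_file(path, algorithms):
    """Compute every requested digest in a single pass over the file."""
    hashers = {a: hashlib.new(a) for a in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}

def scan_directory(root, iocs):
    """Return [(path, algorithm, digest)] for each file matching an indicator."""
    wanted = [a for a, values in iocs.items() if values]
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            try:
                digests = hash_file(path, wanted) if wanted else {}
            except OSError:
                continue  # locked or unreadable files are skipped, not fatal
            hits.extend((str(path), a, d) for a, d in digests.items() if d in iocs[a])
    return hits

def build_sample_tree():
    """Constructed test data: a temp dir holding one benign file; returns (root, its SHA-256)."""
    root = tempfile.mkdtemp(prefix="ioc_hunt_")
    payload = b"constructed sample content, not malware"
    Path(root, "nested").mkdir()
    Path(root, "nested", "sample.bin").write_bytes(payload)
    return root, hashlib.sha256(payload).hexdigest()

if __name__ == "__main__":
    root, digest = build_sample_tree()
    print(scan_directory(root, load_iocs(["  • " + digest.upper()])))
```

On a real host, point `scan_directory` at the paths the advisory's delivery vector touches (user profile, temp and download folders) and feed `load_iocs` the indicator lines as published.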
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.