March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Alert – WannaCry Ransomware – Active IOCs

June 6, 2022

Rewterz Threat Advisory – CVE-2022-26905 – Microsoft Edge (Chromium-based) Vulnerability

June 6, 2022

Rewterz Threat Alert – Qakbot (Qbot) Malware – Active IOCs

June 6, 2022

Severity

High

Analysis Summary

QBot, often known as QakBot, is modular information malware. It has been operational since 2007. This banking Trojan, QakBot steals financial data from infected systems, and a loader using C2 servers for payload targeting and download. Qakbot has worm capabilities, which let it propagate to other computers on the same network, as well as rootkit capabilities, which allow it to mask its existence and build persistence on infected computers.

A malware attachment to a phishing email is commonly used in QakBot attacks. This particular campaign includes an xls file that contains macros. These macros run a script that fetches the Qakbot payload from a list of URLs. To get the victim to activate macros, the attackers employ a common trick, like when the target downloads the file, it is asked to allow changes and then content before viewing the document.

Impact

Unauthorized Access
Financial Theft
Information Theft

Indicators of Compromise

MD5

d94f0fb760eceb56010aff16fa939e7b
136b9c85525ba66276b8c9f6b7014b0b
af8e86c5d4198549f6375df9378f983c
4966912574b4148d9cb79d46b8bda7df
b82e902a6fa78b324d310804ab307074
22a5e0e51317e6c623eb3880a86b1eb9
39d94e3683378822c66169fbdcc993a6
0612a917da7e7f287debdb311b168f9b

SHA-256

30c5d4a122f5f326c2a28f5669fea0c881fd27a3109c237b5c8cfde5ac566b20
a23ef053cccf6a35fda9adc5f1702ba99a7be695107d3ba5d1ea8c9c258299e4
7570a7a6830ade05dcf862d5862f12f12445dbd3c0ad7433d90872849e11c267
6611768442d9a23a18f9c7ced9c3c7e76cc99ea2bd233738b2b7a3c7dfc1b6b2
742725b4cbbbb2b1284e35f51b9e4880775d00b993df392bae1acdd219338865
14eba79dce68bb26b7c251c651ebdc055eae3f0d0f2ffc98bbe7cb7bf61f21bc
ec72dd1d57a0124732d91e420871b3a66faf5425fa60dbc88eeb058ca3209525
54be5b5906325dc9224d4659e15427dc9b8961e60230cea9b5f6de406f6e2232

SHA-1

08778edb17f8fa83046932f5cbe3779152eb440d
0cf5ba13d14c28c60586c7f4b9679925fa4d4172
7ab5ed449b891bd4899fba62d027a2cc26a05e6f
ea9977ca75575230b0997f08f41008b10e7c22cb
43ec4784698178f5d48cda8f3246d2afda801ffb
d620ad350448c478ab6a6f5701c33b25d8db5a10
2e2a85fd55ca1f786e2188aed9cc567a76044fe5
7c0ec486f34d1d45c4ce81deba48ddddcbdf7b19

Remediation

Block the threat indicators at their respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – WannaCry Ransomware – Active IOCs

Rewterz Threat Advisory – CVE-2022-26905 – Microsoft Edge (Chromium-based) Vulnerability