• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – CVE-2020-6507 – Google Chrome V8 code execution
June 16, 2020
Rewterz Threat Advisory – Adobe Multiple Security Vulnerabilities
June 17, 2020

Rewterz Threat Alert – Recent QBot Malware Campaign

June 16, 2020

Severity

High

Analysis Summary

QBot, aka QakBot, is financial malware and has been active for some ten years is recently active and targeting different users in different regions. QBot variant which was delivered through a malicious Word document., while the of delivery method of the document is unknown, typically such malicious Word files are delivered using email. If a victim opens the document, they will be asked to enable macros which are required to initiate the infection process. The locations from which the malware is downloaded are located in Base64-encoded strings within the code. Once the download has been completed, the downloaded file will be executed. The payload is packed to help avoid detection and when executed will load QBot into memory. Several checks are then carried out to determine if the malware is running in a virtual machine or sandbox, if certain analysis tools are running, and it also checks CPU information. During analysis, QBot was frequently upgrading its payload file.

Impact

  • Information theft
  • Exposure of sensitive data 
  • Financial loss

Indicators of Compromise

SHA-256

  • 432B6D767539FD5065593B160128AA7DCE271799AD2088A82A16542E37AD92B0

URL

  • hxxp[:]//pickap[.]io/wp-content/uploads/2020/04/evolving/888888[.]png
  • hxxp[:]//decons[.]vn/wp-content/uploads/2020/04/evolving/888888[.]png
  • hxxp[:]//econspiracy[.]se/evolving/888888[.]png
  • hxxp[:]//enlightened-education[.]com/wp-content/uploads/2020/04/evolving/888888[.]png
  • hxxp[:]//kslanrung[.]com/evolving/888888[.]png

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your existing environment.
  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.