April 18, 2024
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat ALert – FakeUpdates are Back! – IOC’s
October 2, 2019Rewterz Threat Alert – Emissary Panda APT
October 2, 2019Rewterz Threat ALert – FakeUpdates are Back! – IOC’s
October 2, 2019Rewterz Threat Alert – Emissary Panda APT
October 2, 2019
Severity
High
Analysis Summary
Qbot, or Qakbot, is a banking trojan that has been seen in the wild for at least 10 years. Recent campaigns have been often delivered by exploit kits and weaponized documents delivered via context-aware phishing campaigns. Qbot has also been suspected of delivering MegaCortex ransomware. Many recent samples are observed to conduct worm-like behavior to spread across network shares or via SMB, and contain multiple levels of anti-analysis controls such as VM awareness and lengthy execution delays.
Impact
Exposure of sensitive information
Indicators of Compromise
Malware Hash (MD5/SHA1/SH256)
- 6d0f5953b6a2234e00e720b297cdfa12a4d9074a92b85e9e5c508938b5907a0a
- bd582c5310d7eddc8adb4649b7223f877802f78d71044b24b3225f7a7e321c9e
- 68b9de2981e3d74fbc83b3e26a45eda5611fd1791362d775e12b6db5f1f5f646
- 37c27f69e643203587064068088ca2b8c1f8bc508612e2fd2f6ed6fd3e300ee5
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the link/attachments sent by unknown senders.