
Rewterz Threat Alert – Qbot/Qakbot Attempts to Evade Detection By Overwriting Itself

Severity

High

Analysis Summary

Qbot, or Qakbot, is a banking trojan that has been seen in the wild for at least 10 years. Recent campaigns have often been delivered by exploit kits and by weaponized documents sent in context-aware phishing emails. Qbot has also been suspected of delivering MegaCortex ransomware. Many recent samples exhibit worm-like behavior, spreading across network shares or via SMB, and contain multiple levels of anti-analysis controls such as VM awareness and lengthy execution delays.

Impact

Exposure of sensitive information

Indicators of Compromise

Malware Hash (MD5/SHA1/SHA256)

  • 6d0f5953b6a2234e00e720b297cdfa12a4d9074a92b85e9e5c508938b5907a0a
  • bd582c5310d7eddc8adb4649b7223f877802f78d71044b24b3225f7a7e321c9e
  • 68b9de2981e3d74fbc83b3e26a45eda5611fd1791362d775e12b6db5f1f5f646
  • 37c27f69e643203587064068088ca2b8c1f8bc508612e2fd2f6ed6fd3e300ee5

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious of emails sent by unknown senders.
  • Never click on links or attachments sent by unknown senders.