qakbot | f2956da25bd8b3682d6945aed72f24d8bd3198bc5eba2a4232f9cb76e254829d

General

Target

local.dll
Size

843KB
MD5

c8407e27ce9bf51688106a1fbe3643af
SHA1

1aa5cd097a19e7134f4a1566f77d089a718dfa6e
SHA256

4ba3ad5f455f832e3190e4f64569f91d8b0ade3181e7b17249fbfeb523352be3
SHA512

1167d1b0830b31825c3b91edc78e27783729cbdd3c0f240e935e76ffbb3d6cc364317aa8a50f6b7980012ee2cee1c19584d588fdfda3645fee9bbd44d7592d39

Score

10^/10

qakbot obama187 1654695312 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.688

Botnet

obama187

Campaign

1654695312

C2

197.164.182.46:993

70.51.135.90:2222

187.251.132.144:22

37.186.54.254:995

80.11.74.81:2222

41.84.236.245:995

24.139.72.117:443

177.94.57.126:32101

37.34.253.233:443

186.90.153.162:2222

32.221.224.140:995

208.107.221.224:443

67.165.206.193:993

63.143.92.99:995

88.232.220.207:443

189.78.107.163:32101

74.14.5.179:2222

148.0.56.63:443

40.134.246.185:995

173.21.10.71:2222

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Signatures

Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
trojan banker stealer qakbot
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4772 3156 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4772	3156	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2828 wrote to memory of 3156	2828	rundll32.exe	rundll32.exe
PID 2828 wrote to memory of 3156	2828	rundll32.exe	rundll32.exe
PID 2828 wrote to memory of 3156	2828	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\local.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2828

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\local.dll,#1
2⤵
PID:3156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 748
3⤵
- Program crash
PID:4772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3156-117-0x0000000000000000-mapping.dmp

Download
memory/3156-118-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-119-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-120-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-121-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-122-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-123-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-124-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-125-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-126-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-127-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-128-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-129-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-130-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-131-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-132-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-133-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-134-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-135-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-136-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-137-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-138-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-139-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-140-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-141-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-142-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-143-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-144-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-145-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-146-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-147-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-148-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-149-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-151-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-150-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-152-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-153-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-154-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-155-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-156-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-158-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-160-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-161-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-159-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-163-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-162-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-164-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-165-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-166-0x0000000005F20000-0x0000000005F42000-memory.dmp

Filesize
136KB

Download
memory/3156-167-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-168-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-170-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-169-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-171-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-172-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-173-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-174-0x0000000005EE0000-0x0000000005F12000-memory.dmp

Filesize
200KB

Download
memory/3156-175-0x0000000005F20000-0x0000000005F42000-memory.dmp

Filesize
136KB

Download
memory/3156-176-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-177-0x0000000005F20000-0x0000000005F42000-memory.dmp

Filesize
136KB

Download

Analysis

Sharing