qakbot | 7d1c0c7e4cbfe49926451ab6365455e5f3889fb17e2508afa9f6e2ebeedaa2c1 | Triage

Resubmissions

15-07-2022 15:08

220715-sh9dfsbfb7 10

12-07-2022 16:28

220712-tyx6ssaahj 10

Sharing

General

Target

PDF_3028225.msi
Size

484KB
Sample

220715-sh9dfsbfb7
MD5

47847ac5f01e037c1a18becc0dfd4611
SHA1

d6f37b18252787c2c2c31358e741d9b834440331
SHA256

7d1c0c7e4cbfe49926451ab6365455e5f3889fb17e2508afa9f6e2ebeedaa2c1
SHA512

7630b223cddfc31ef7afee9972ab4a5100b048d35f526211e331f4717260e2c29b0962ad35271701b00c5c379f7798004f5140abe8dbc88ddf083d8b2ee78004

Score

10^/10

qakbot vip01 1657631718 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.780

Botnet

vip01

Campaign

1657631718

C2

47.23.89.60:993

37.34.253.233:443

196.203.37.215:80

89.211.209.234:2222

81.158.239.251:2078

179.111.8.52:32101

208.107.221.224:443

24.158.23.166:995

66.230.104.103:443

92.132.132.81:2222

24.139.72.117:443

174.80.15.101:2083

24.178.196.158:2222

100.38.242.113:995

37.186.58.99:995

24.55.67.176:443

74.14.5.179:2222

172.114.160.81:443

40.134.246.185:995

63.143.92.99:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  PDF_3028225.msi
- Size
  
  484KB
- MD5
  
  47847ac5f01e037c1a18becc0dfd4611
- SHA1
  
  d6f37b18252787c2c2c31358e741d9b834440331
- SHA256
  
  7d1c0c7e4cbfe49926451ab6365455e5f3889fb17e2508afa9f6e2ebeedaa2c1
- SHA512
  
  7630b223cddfc31ef7afee9972ab4a5100b048d35f526211e331f4717260e2c29b0962ad35271701b00c5c379f7798004f5140abe8dbc88ddf083d8b2ee78004
Score

10^/10

qakbot vip01 1657631718 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotvip011657631718bankerstealertrojan

behavioral2

qakbotvip011657631718bankerstealertrojan