qakbot | 3afff1f09e4b0fe911803ce0243be1fcae348e5c80affe6afb3f5a7ea3c01b06

General

Target

Claim_Letter_750231.iso
Size

430KB
Sample

220914-q34btsaec2
MD5

42a75a233cd300cb4207d6122d2cce0b
SHA1

0e60b01ec99c732a1bffadccbb62511c00e5afcd
SHA256

3afff1f09e4b0fe911803ce0243be1fcae348e5c80affe6afb3f5a7ea3c01b06
SHA512

58b06b3c28527a976e66edf7cd66b4ac92a9651a69b74310bc2b376b0cfe92293b8fbfd4b329b3a6f9c8d50a296afc200823da017247c715df094208468c1960
SSDEEP

6144:Pu8T9zrStWm3C3klS1gqbe5L05kVxVFInAPexY5ixyizO8wj+A:m8ZSg24Vbe5LFVxVFIAPWelSZm

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.858

Botnet

obama202

Campaign

1663062752

C2

99.232.140.205:2222

41.69.118.117:995

179.111.111.88:32101

37.210.148.30:995

47.146.182.110:443

191.97.234.238:995

64.207.215.69:443

88.233.194.154:2222

81.131.161.131:2078

86.98.156.176:993

200.161.62.126:32101

88.244.84.195:443

78.100.254.17:2222

85.114.99.34:443

113.170.216.154:443

194.49.79.231:443

193.3.19.37:443

84.38.133.191:443

175.110.231.67:443

191.84.204.214:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Claim_Letter.lnk
- Size
  
  1KB
- MD5
  
  20a20603744de4b58bbe9c8df4f2a59b
- SHA1
  
  4a62ef0d064726a921049ad7ef9721982749c068
- SHA256
  
  2488cde0e670c91fa763bf3fa170c7972e4880083f137815904be6b9e756ee6f
- SHA512
  
  6f8a6bb0a53bbb59f16c73a404929c0df4b4ad3e0319e3b1e8ed61755ffb19399f0f052f1ff4171260c0fde9d4d2362e9e32d9163a725e92843b377c0b4c529e
Score

3^/10
behavioral1 behavioral2
- Target
  
  about/justGive.js
- Size
  
  210B
- MD5
  
  5b0152e9a7af635566a600c310e933f5
- SHA1
  
  a5729aafb9683066038059faa8c551d09bba93e9
- SHA256
  
  241cf03a57f32b9d7141a2b1858e8c3f2a231874e053f02f7d6bf633fc2a0920
- SHA512
  
  368c9a3bc87394cf14864737e2bbf056ceeab42d08a07500f387d0230245f3b8bc6ff6a32f4c2fd86eeb346b5f1833846966e14d08230acbe8ee13e31eb9e3b7
Score

3^/10
behavioral3 behavioral4
- Target
  
  about/withThen.bat
- Size
  
  41B
- MD5
  
  ae6f77560004c2e9040ccb0217b12e5a
- SHA1
  
  add5990b5c67a4635a30fdb9125872d1eb09cb09
- SHA256
  
  228b73c1b5edcb6197057968ee563ae5069876349bd92c6beb1ab97e93a868c7
- SHA512
  
  019722a07ee51b45b259a06ab80cf21a9e0d4e5940cffb828d0829125292b7343cf2748c7a5a7931883db93c5ccf4eaaedc8727822db2a7e6adb30fac2310f5f
Score

1^/10
behavioral5 behavioral6
- Target
  
  about/yourWith.db
- Size
  
  368KB
- MD5
  
  aaabcb8c5464c4fdb6d72816f77f3b65
- SHA1
  
  7397d48671bde4ef13ae59f3427f0c1a1e7977d4
- SHA256
  
  1cbd5c3072fd99bff1408bc1f8a3b09206322de8b83b743a57efa24adefdb44f
- SHA512
  
  c5165a9e1f8185a94256bb67cf89d035f743e461795f0444208ee116df53bec5633673527cf52727462a8c543286c2f05f74dcc16078e5a1d2689ea434876546
- SSDEEP
  
  6144:0u8T9zrStWm3C3klS1gqbe5L05kVxVFInAPexY5ixyizO8wj+A:/8ZSg24Vbe5LFVxVFIAPWelSZm
Score

10^/10

qakbot obama202 1663062752 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
- Drops file in System32 directory
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8