qakbot | b47bf41986964ec1f181f023eacc2c10eed2ad556f64d402bec61b39e60aae69

General

Target

Claim_Letter#494780.iso
Size

430KB
Sample

220914-r5ayqsecgk
MD5

13355c76c11d17bb2542608e3104fa88
SHA1

6b6174b23ac8039c32e09c59cd91afee8bac792a
SHA256

b47bf41986964ec1f181f023eacc2c10eed2ad556f64d402bec61b39e60aae69
SHA512

acd6a637009f0e27d397ed6a8d8f5e88fac9bfc2b1f48c0747d3e44e80e17659c181b31c3163a80a7eef2e0d83efb4e58b8c5789a6209e7f993abaacbe988d8d
SSDEEP

6144:gu8T9zrStWm3C3klS1gqbe5L05kVxVFInAPexY5ixyizO8wj+A:78ZSg24Vbe5LFVxVFIAPWelSZm

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.858

Botnet

obama202

Campaign

1663062752

C2

99.232.140.205:2222

41.69.118.117:995

179.111.111.88:32101

37.210.148.30:995

47.146.182.110:443

191.97.234.238:995

64.207.215.69:443

88.233.194.154:2222

81.131.161.131:2078

86.98.156.176:993

200.161.62.126:32101

88.244.84.195:443

78.100.254.17:2222

85.114.99.34:443

113.170.216.154:443

194.49.79.231:443

193.3.19.37:443

84.38.133.191:443

175.110.231.67:443

191.84.204.214:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Claim_Letter.lnk
- Size
  
  1KB
- MD5
  
  dbd85a01084c83ed79c8a6f9b597d946
- SHA1
  
  4b3942fe61f8138c7b7921f9f9c164eda42e0b0d
- SHA256
  
  f0e17e8f3be3618a8cf4cb6587401c777682ee81b0da220dc3867235f150e691
- SHA512
  
  bfb9415b5da616ea7af26544c4134e903db2c0ab8d92ee811fe8bf52da6d8169afd82957fa991aaafe124ef7ac42413d710efc5b79d11a28d872cf8d7b017f38
Score

3^/10
behavioral1 behavioral2
- Target
  
  about/theyAs.bat
- Size
  
  39B
- MD5
  
  9a910c488735e7a50bab462ee0c64d62
- SHA1
  
  50036dc5d04fbaf6ccf72b69f298fe97d1480d08
- SHA256
  
  14c7f388a6c989e830168056c04232c51112241142cc5a645a4c09647402470b
- SHA512
  
  0c178709264e93a7ae061e1b9d88d468f55ee2ecdae4650b07109a4c32db3d7dd4757f20719bb0273a4ed0619da46c4e8fe31d8a54d8507750ff3e8cad862be9
Score

1^/10
behavioral3 behavioral4
- Target
  
  about/wantNo.db
- Size
  
  368KB
- MD5
  
  aaabcb8c5464c4fdb6d72816f77f3b65
- SHA1
  
  7397d48671bde4ef13ae59f3427f0c1a1e7977d4
- SHA256
  
  1cbd5c3072fd99bff1408bc1f8a3b09206322de8b83b743a57efa24adefdb44f
- SHA512
  
  c5165a9e1f8185a94256bb67cf89d035f743e461795f0444208ee116df53bec5633673527cf52727462a8c543286c2f05f74dcc16078e5a1d2689ea434876546
- SSDEEP
  
  6144:0u8T9zrStWm3C3klS1gqbe5L05kVxVFInAPexY5ixyizO8wj+A:/8ZSg24Vbe5LFVxVFIAPWelSZm
Score

10^/10

qakbot obama202 1663062752 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
- Drops file in System32 directory
behavioral5 behavioral6
- Target
  
  about/yourWay.js
- Size
  
  208B
- MD5
  
  af846a60602a389b008dfa8d584daff7
- SHA1
  
  68217022f4b7bc88b913d7eae5bcebd11eef0ae2
- SHA256
  
  13b4e28dc14b82e7201f198fc99d400a3cfbc6d21a2cdeba73e3a3772922ad56
- SHA512
  
  7c5f87f9d1ac08bbd0dfa6ef2675192dbfe06236c753c0fe0b11c03ac177d4e7d18da263c03c4040d3251e9b01f50edb4b1325f9b54c9cf4c50a1de4771c66d2
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8