qakbot | 90cfad2bf72c84c5ca24d18266286cf20916c2c53e73f35585fb9722746c8a09

General

Target

PW_Claim_Letter#551908_ISO.zip
Size

241KB
Sample

220914-r75k5aecgr
MD5

f4c87746392b9fb352c6b83049bc3e5b
SHA1

6029c8e1f30ddb39b7e8e5b0d2a1432fa8cc2c07
SHA256

90cfad2bf72c84c5ca24d18266286cf20916c2c53e73f35585fb9722746c8a09
SHA512

ac98828889649832217e1e7d0fb36941f7c812c2cf9723a572ad3bc5ed26690177c2c304ada8d40403028250dfcfe42a2cdae49cd67a58374ac77a99d0f5dbd9
SSDEEP

6144:LhCBDBt6ef/E5vLWm6guAbATPdZCzUcfzMvCJtyzH6rumcDG+2mj:Ls36e/2qFsbATz5qz12zWA

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.858

Botnet

obama202

Campaign

1663062752

C2

99.232.140.205:2222

41.69.118.117:995

179.111.111.88:32101

37.210.148.30:995

47.146.182.110:443

191.97.234.238:995

64.207.215.69:443

88.233.194.154:2222

81.131.161.131:2078

86.98.156.176:993

200.161.62.126:32101

88.244.84.195:443

78.100.254.17:2222

85.114.99.34:443

113.170.216.154:443

194.49.79.231:443

193.3.19.37:443

84.38.133.191:443

175.110.231.67:443

191.84.204.214:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Claim_Letter#551908_ISO/Claim_Letter.lnk
- Size
  
  1KB
- MD5
  
  e02eb1bc0d5bc3155ed8657f70d57a94
- SHA1
  
  951bcf9be3b6d0ee9a272918d97d53b8190f589e
- SHA256
  
  6a4a7bcd63964cb932ef3e938aa7118eab8a286650326da023e30e73a2b283a2
- SHA512
  
  c6d980edf2d9f5910edbed5cd0567120ee817181a42a44edb2ba68281cdc511a01d42406d11c65322ad7ce3780ea975c271893b57c8b8411fb685388f2a618ff
Score

3^/10
behavioral1
- Target
  
  Claim_Letter#551908_ISO/about/allTo.db
- Size
  
  368KB
- MD5
  
  aaabcb8c5464c4fdb6d72816f77f3b65
- SHA1
  
  7397d48671bde4ef13ae59f3427f0c1a1e7977d4
- SHA256
  
  1cbd5c3072fd99bff1408bc1f8a3b09206322de8b83b743a57efa24adefdb44f
- SHA512
  
  c5165a9e1f8185a94256bb67cf89d035f743e461795f0444208ee116df53bec5633673527cf52727462a8c543286c2f05f74dcc16078e5a1d2689ea434876546
- SSDEEP
  
  6144:0u8T9zrStWm3C3klS1gqbe5L05kVxVFInAPexY5ixyizO8wj+A:/8ZSg24Vbe5LFVxVFIAPWelSZm
Score

10^/10

qakbot obama202 1663062752 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral2
- Target
  
  Claim_Letter#551908_ISO/about/asIt.bat
- Size
  
  38B
- MD5
  
  9ef9998c5fdd4d2749cf8bc67165c265
- SHA1
  
  76d6aad2bc09d5f2d0a2231ea7baf494d2c8a719
- SHA256
  
  ecaccfebce6b51f984143c1da76b8362de02c9b1abc97d6c954d822dd955dcd9
- SHA512
  
  09f7c6037a9c152177b21e116e522de55ef7e13ec94931856614ee32ba14e01341ee1c55eb62e35df59cd08712c626b65b51199bb00194c9ad1d03531b2090ed
Score

1^/10
behavioral3
- Target
  
  Claim_Letter#551908_ISO/about/noSome.js
- Size
  
  206B
- MD5
  
  ff28e38180a1c1a4d19eb19d066d559e
- SHA1
  
  213daf8170f58b1ded6f63ca815aec6418d2d192
- SHA256
  
  0af007c728bd2ac757f7cd5f7ebf90db00764ba0e25cd77dd2a5e1b871a32085
- SHA512
  
  ff95fc33b4c3a53067dee41060c0a6652e1af2c6deaa80f74cc28a54471faabb0f77c87810827c07de00dd0e5c723ead9c3112c5be062cb3417ab6e2c1ff71df
Score

1^/10
behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4