qakbot | 759f1eb9ffadf766b0fdb944edb862215e2cf207de296c89d62da3e9b34b9fbf

Sharing

Copy URL

Twitter E-mail

General

Target

file.7z (1).zip
Size

208KB
Sample

220914-rswdxaaeg6
MD5

849f69b2c1b979223c121c17c961f5b0
SHA1

786682b047cf4ea89239b65d700d06354fce8829
SHA256

759f1eb9ffadf766b0fdb944edb862215e2cf207de296c89d62da3e9b34b9fbf
SHA512

1a14cbcceffae6c503314a621ee7cbb6fb1e0891431ca38aa676ae0d91b47e333a37a63217c3c97a9e336660d1ff8dae2ab37a3b156546040aeb605bbd749fe9
SSDEEP

6144:UC3E38NFrHBU6WOUQL6kemQITfSfli7uHLGBe+53hFAlj:UC3ES5BU6W1kMmSw4G4C8l

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.858

Botnet

obama202

Campaign

1663062752

99.232.140.205:2222

41.69.118.117:995

179.111.111.88:32101

37.210.148.30:995

47.146.182.110:443

191.97.234.238:995

64.207.215.69:443

88.233.194.154:2222

81.131.161.131:2078

86.98.156.176:993

200.161.62.126:32101

88.244.84.195:443

78.100.254.17:2222

85.114.99.34:443

113.170.216.154:443

194.49.79.231:443

193.3.19.37:443

84.38.133.191:443

175.110.231.67:443

191.84.204.214:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Extracted

Family

qakbot

Attributes

salt
,�NR��H�#p4�*J��

Targets

- Target
  
  Claim_Letter#718209.iso
- Size
  
  430KB
- MD5
  
  da4cc072623103cb2ff8b97b8846b2b0
- SHA1
  
  9385a09046521dcf20b02cfed9e2cc9691ee4c83
- SHA256
  
  e6af28ec5fe6cbdb85de305da089979eb3ec63dd3f59c83aa4a7858746c59133
- SHA512
  
  aaa4db5a5ed39296c355336bca5a5ec57045c14622fa7bd14e201bae9923fe7d511691fa8af8f96f6051a70065fff55370f430d30dc7c2aa958a529ad3398cef
- SSDEEP
  
  6144:eu8T9zrStWm3C3klS1gqbe5L05kVxVFInAPexY5ixyizO8wj+A:J8ZSg24Vbe5LFVxVFIAPWelSZm
Score

3^/10
behavioral1 behavioral2
- Target
  
  Claim_Letter.lnk
- Size
  
  1KB
- MD5
  
  608338753651ff594594052b8c288463
- SHA1
  
  b480ecd069f4eb68fd89c5e49d24c8d9f395cb43
- SHA256
  
  78b420999b6c2d86e9e33622cdedba3fffe3690141becf68cf6c8c6d828a1739
- SHA512
  
  5aae2f18b6672c9d59872860c689afd1eb49f6098fb8906d4365f586b04668b7a9716df55ad4c0944f29ef9be830e666bbda81b41c6cb64b0830ac382581d49e
Score

3^/10
behavioral3 behavioral4
- Target
  
  about/outMany.db
- Size
  
  368KB
- MD5
  
  aaabcb8c5464c4fdb6d72816f77f3b65
- SHA1
  
  7397d48671bde4ef13ae59f3427f0c1a1e7977d4
- SHA256
  
  1cbd5c3072fd99bff1408bc1f8a3b09206322de8b83b743a57efa24adefdb44f
- SHA512
  
  c5165a9e1f8185a94256bb67cf89d035f743e461795f0444208ee116df53bec5633673527cf52727462a8c543286c2f05f74dcc16078e5a1d2689ea434876546
- SSDEEP
  
  6144:0u8T9zrStWm3C3klS1gqbe5L05kVxVFInAPexY5ixyizO8wj+A:/8ZSg24Vbe5LFVxVFIAPWelSZm
Score

10^/10

qakbot obama202 1663062752 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
- Drops file in System32 directory
behavioral5 behavioral6
- Target
  
  about/thereOf.js
- Size
  
  208B
- MD5
  
  97361709e309164ad12bf2718a0e7793
- SHA1
  
  9fd1736b5fa3c7bec75ad1ba2084c4f14cea6eb3
- SHA256
  
  6df40b2649e40eb336afd03dde09be3cd63e621f874cc4147f7614b721750784
- SHA512
  
  4009526ef7c22fd2786354987269b9009e1e97f82946582e84c59a10887f06eff7d2b47c8d06759c56fe37516f2c24572cbe11bc7bbcaa7e35f973092b60c32d
Score

3^/10
behavioral7 behavioral8
- Target
  
  about/thisTo.bat
- Size
  
  40B
- MD5
  
  a48f30c18f929baafca18ea94f353274
- SHA1
  
  bc0a5a5f4fae6f61d14ca752595511d9291cb953
- SHA256
  
  4d097c1eb5e27d27207e81b01d03e217cb90db7bd1325ce6f6461f90a7262f45
- SHA512
  
  5e38792197912ec01736214953b31a971feaa775f201e36c64d0c7db8aee8f7ef72929a3f2a5e2e632bf61b2467cc8ccbeb91d0af7f6b949370a3f1e1269dd1b
Score

1^/10
behavioral9 behavioral10

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10