General

  • Target

    file.7z (1).zip

  • Size

    208KB

  • Sample

    220914-rswdxaaeg6

  • MD5

    849f69b2c1b979223c121c17c961f5b0

  • SHA1

    786682b047cf4ea89239b65d700d06354fce8829

  • SHA256

    759f1eb9ffadf766b0fdb944edb862215e2cf207de296c89d62da3e9b34b9fbf

  • SHA512

    1a14cbcceffae6c503314a621ee7cbb6fb1e0891431ca38aa676ae0d91b47e333a37a63217c3c97a9e336660d1ff8dae2ab37a3b156546040aeb605bbd749fe9

  • SSDEEP

    6144:UC3E38NFrHBU6WOUQL6kemQITfSfli7uHLGBe+53hFAlj:UC3ES5BU6W1kMmSw4G4C8l

Malware Config

Extracted

Family

qakbot

Version

403.858

Botnet

obama202

Campaign

1663062752

C2

99.232.140.205:2222

41.69.118.117:995

179.111.111.88:32101

37.210.148.30:995

47.146.182.110:443

191.97.234.238:995

64.207.215.69:443

88.233.194.154:2222

81.131.161.131:2078

86.98.156.176:993

200.161.62.126:32101

88.244.84.195:443

78.100.254.17:2222

85.114.99.34:443

113.170.216.154:443

194.49.79.231:443

193.3.19.37:443

84.38.133.191:443

175.110.231.67:443

191.84.204.214:995

Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Extracted

Family

qakbot

Attributes
  • salt

    ,�NR��H�#p4� *J��� (binary value; not printable)
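The C2 list in the first extracted config is the part of this report a defender acts on first. The following is an added example, not part of the sandbox report: it loads the host:port endpoints listed above, sweeps connection-log lines for them, and reports exact ip:port hits separately from weaker ip-only hits (a host from the list reached on a different port). The log layout (a Zeek conn.log-like tab-separated record) and the log lines are constructed for the example.

```python
"""IOC matching for the Qakbot C2 list extracted above.

Added example, not part of the sandbox report. The C2 endpoints are copied
from the extracted config; the log format and the log lines are constructed.
"""
import ipaddress

# C2 endpoints copied verbatim from the extracted config (host:port).
C2_ENDPOINTS = """
99.232.140.205:2222
41.69.118.117:995
179.111.111.88:32101
37.210.148.30:995
47.146.182.110:443
191.97.234.238:995
64.207.215.69:443
88.233.194.154:2222
81.131.161.131:2078
86.98.156.176:993
200.161.62.126:32101
88.244.84.195:443
78.100.254.17:2222
85.114.99.34:443
113.170.216.154:443
194.49.79.231:443
193.3.19.37:443
84.38.133.191:443
175.110.231.67:443
191.84.204.214:995
"""

# Constructed sample log: ts, uid, orig_h, orig_p, resp_h, resp_p, proto.
SAMPLE_CONN_LOG = """\
1663062800.123\tCx1\t10.0.0.15\t49812\t99.232.140.205\t2222\ttcp
1663062801.456\tCx2\t10.0.0.15\t49813\t142.250.74.46\t443\ttcp
1663062802.789\tCx3\t10.0.0.22\t49900\t37.210.148.30\t443\ttcp
malformed line that should be skipped
1663062803.001\tCx4\t10.0.0.22\t49901\t200.161.62.126\t32101\ttcp
"""


def parse_c2_list(text):
    """Return {ip: {ports}} from host:port lines; a malformed entry raises."""
    c2 = {}
    for entry in text.split():
        host, sep, port = entry.rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError(f"bad C2 entry: {entry!r}")
        ipaddress.ip_address(host)  # raises ValueError if host is not an IP
        c2.setdefault(host, set()).add(int(port))
    return c2


def c2_ports(c2):
    """Distinct destination ports the C2 list uses, for a port-based hunt."""
    return set().union(*c2.values())


def match_connections(log_text, c2):
    """Scan conn-log lines and return exact and ip-only C2 matches."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 7:
            continue  # not a conn record; skip instead of aborting the sweep
        ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields
        ports = c2.get(resp_h)
        if ports is None or not resp_p.isdigit():
            continue
        match = "exact" if int(resp_p) in ports else "ip-only"
        hits.append({"ts": ts, "uid": uid, "src": orig_h,
                     "dst": f"{resp_h}:{resp_p}", "match": match})
    return hits


if __name__ == "__main__":
    c2 = parse_c2_list(C2_ENDPOINTS)
    print(f"{len(c2)} C2 hosts, ports {sorted(c2_ports(c2))}")
    for h in match_connections(SAMPLE_CONN_LOG, c2):
        print(h["match"], h["uid"], h["src"], "->", h["dst"])
```

The ip-only tier is a design choice, not a claim about how these hosts behave: an ip:port list from a single sample ages quickly, so a connection to a listed host on an unlisted port is worth a look but should carry a lower severity than an exact hit. `c2_ports` gives the distinct non-standard ports (993, 995, 2078, 2222, 32101 alongside 443) for a broader hunt on outbound workstation traffic.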

Targets

    • Target

      Claim_Letter#718209.iso

    • Size

      430KB

    • MD5

      da4cc072623103cb2ff8b97b8846b2b0

    • SHA1

      9385a09046521dcf20b02cfed9e2cc9691ee4c83

    • SHA256

      e6af28ec5fe6cbdb85de305da089979eb3ec63dd3f59c83aa4a7858746c59133

    • SHA512

      aaa4db5a5ed39296c355336bca5a5ec57045c14622fa7bd14e201bae9923fe7d511691fa8af8f96f6051a70065fff55370f430d30dc7c2aa958a529ad3398cef

    • SSDEEP

      6144:eu8T9zrStWm3C3klS1gqbe5L05kVxVFInAPexY5ixyizO8wj+A:J8ZSg24Vbe5LFVxVFIAPWelSZm

    Score
    3/10
    • Target

      Claim_Letter.lnk

    • Size

      1KB

    • MD5

      608338753651ff594594052b8c288463

    • SHA1

      b480ecd069f4eb68fd89c5e49d24c8d9f395cb43

    • SHA256

      78b420999b6c2d86e9e33622cdedba3fffe3690141becf68cf6c8c6d828a1739

    • SHA512

      5aae2f18b6672c9d59872860c689afd1eb49f6098fb8906d4365f586b04668b7a9716df55ad4c0944f29ef9be830e666bbda81b41c6cb64b0830ac382581d49e

    Score
    3/10
    • Target

      about/outMany.db

    • Size

      368KB

    • MD5

      aaabcb8c5464c4fdb6d72816f77f3b65

    • SHA1

      7397d48671bde4ef13ae59f3427f0c1a1e7977d4

    • SHA256

      1cbd5c3072fd99bff1408bc1f8a3b09206322de8b83b743a57efa24adefdb44f

    • SHA512

      c5165a9e1f8185a94256bb67cf89d035f743e461795f0444208ee116df53bec5633673527cf52727462a8c543286c2f05f74dcc16078e5a1d2689ea434876546

    • SSDEEP

      6144:0u8T9zrStWm3C3klS1gqbe5L05kVxVFInAPexY5ixyizO8wj+A:/8ZSg24Vbe5LFVxVFIAPWelSZm

    • Qakbot/Qbot

      Qbot or Qakbot is a modular banking trojan and loader with worm-like lateral movement; it steals credentials and is used to deliver additional payloads.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Target

      about/thereOf.js

    • Size

      208B

    • MD5

      97361709e309164ad12bf2718a0e7793

    • SHA1

      9fd1736b5fa3c7bec75ad1ba2084c4f14cea6eb3

    • SHA256

      6df40b2649e40eb336afd03dde09be3cd63e621f874cc4147f7614b721750784

    • SHA512

      4009526ef7c22fd2786354987269b9009e1e97f82946582e84c59a10887f06eff7d2b47c8d06759c56fe37516f2c24572cbe11bc7bbcaa7e35f973092b60c32d

    Score
    3/10
    • Target

      about/thisTo.bat

    • Size

      40B

    • MD5

      a48f30c18f929baafca18ea94f353274

    • SHA1

      bc0a5a5f4fae6f61d14ca752595511d9291cb953

    • SHA256

      4d097c1eb5e27d27207e81b01d03e217cb90db7bd1325ce6f6461f90a7262f45

    • SHA512

      5e38792197912ec01736214953b31a971feaa775f201e36c64d0c7db8aee8f7ef72929a3f2a5e2e632bf61b2467cc8ccbeb91d0af7f6b949370a3f1e1269dd1b

    Score
    1/10

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Discovery

System Information Discovery

3
T1082
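The matrix above maps this sample to Scheduled Task (T1053) for execution, persistence and privilege escalation. The following is an added example, not part of the sandbox report: it parses Windows Security event 4698 (scheduled task created) records, pulls the task's Exec action out of the embedded TaskContent XML, and flags tasks whose command line points into a user-writable directory or whose action is a script/DLL-hosting interpreter. The three events are constructed samples; the task names and paths in them are assumptions and do not describe what this sample registered.

```python
"""Scheduled-task creation triage for the T1053 mapping above.

Added example, not part of the sandbox report. Event 4698 records are
constructed here; the task names and file paths are assumptions.
"""
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

EVT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Locations a standard user can write to; a persistence action living here
# is worth a look regardless of the task name.
USER_WRITABLE = re.compile(
    r"(?i)\\users\\[^\\]+\\|%(appdata|localappdata|temp|tmp|public)%"
    r"|\\programdata\\|\\windows\\temp\\")
# Interpreters and loaders commonly used to run a dropped script or DLL.
LOLBINS = {"regsvr32.exe", "rundll32.exe", "wscript.exe", "cscript.exe",
           "mshta.exe", "cmd.exe", "powershell.exe"}


def _event(task_name, command, arguments, user="WORKSTATION\\victim"):
    """Build a constructed 4698 event; TaskContent carries escaped task XML."""
    task_xml = (f'<Task xmlns="{TASK_NS["t"]}"><Actions><Exec>'
                f'<Command>{escape(command)}</Command>'
                f'<Arguments>{escape(arguments)}</Arguments>'
                '</Exec></Actions></Task>')
    return (f'<Event xmlns="{EVT_NS["e"]}"><System><EventID>4698</EventID>'
            '</System><EventData>'
            f'<Data Name="SubjectUserName">{escape(user)}</Data>'
            f'<Data Name="TaskName">{escape(task_name)}</Data>'
            f'<Data Name="TaskContent">{escape(task_xml)}</Data>'
            '</EventData></Event>')


SAMPLE_EVENTS = [  # constructed; not the tasks this sample created
    _event(r"\Microsoft\Windows\Defrag\ScheduledDefrag",
           r"C:\Windows\System32\defrag.exe", "-c -h -o -$"),
    _event(r"\Updater", r"C:\Windows\System32\regsvr32.exe",
           r"-s C:\Users\victim\AppData\Local\Temp\payload.dll"),
    _event(r"\Cleanup", r"C:\Users\victim\AppData\Roaming\run.bat", ""),
]


def parse_4698(xml_text):
    """Return user, task name and Exec action from a 4698 event, else None."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=EVT_NS) != "4698":
        return None
    data = {d.get("Name"): (d.text or "")
            for d in root.findall("e:EventData/e:Data", EVT_NS)}
    task = ET.fromstring(data["TaskContent"])  # inner task XML, unescaped by ET
    action = task.find("t:Actions/t:Exec", TASK_NS)
    get = (lambda tag: action.findtext(tag, default="", namespaces=TASK_NS)
           if action is not None else "")
    return {"user": data.get("SubjectUserName", ""),
            "task": data.get("TaskName", ""),
            "command": get("t:Command"), "arguments": get("t:Arguments")}


def assess(task):
    """Return the list of reasons a task creation is suspicious (may be empty)."""
    reasons = []
    if USER_WRITABLE.search(f'{task["command"]} {task["arguments"]}'):
        reasons.append("user-writable path")
    if task["command"].rsplit("\\", 1)[-1].lower() in LOLBINS:
        reasons.append("interpreter/loader as action")
    return reasons


def triage(events):
    """Return [(task name, reasons)] for every flagged 4698 event."""
    findings = []
    for ev in events:
        parsed = parse_4698(ev)
        if parsed is None:
            continue
        reasons = assess(parsed)
        if reasons:
            findings.append((parsed["task"], reasons))
    return findings


if __name__ == "__main__":
    for name, why in triage(SAMPLE_EVENTS):
        print(name, "->", ", ".join(why))
```

The two heuristics are deliberately independent: a loader such as regsvr32 or rundll32 is also the normal way a legitimate installer registers a component, and a user-profile path alone is how many updaters live, so a task hitting both is the one to pull first. Feeding real events from `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4698}` requires the "Audit Other Object Access Events" subcategory to be enabled, otherwise 4698 is never written.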

Tasks