qakbot | e544c99986ba3917404c7a2871e9840f13c5b60af7772f53b41de0be00ec8227

General

Target

Claim_Letter#880486.iso
Size

430KB
Sample

220914-sygy5seddp
MD5

6392e2d2876c1eee43b288e3f57345c8
SHA1

2258b5f546d3059ceb724552bac04fbdbe9e3049
SHA256

e544c99986ba3917404c7a2871e9840f13c5b60af7772f53b41de0be00ec8227
SHA512

b270d8f585450da196903613c6b2b5dfcfb560fffa1805a604a4e7bb6ef4b177b533d88384f586c506544254a2be49d82409fc896b0011cc581f07099aa518c7
SSDEEP

6144:eu8T9zrStWm3C3klS1gqbe5L05kVxVFInAPexY5ixyizO8wj+A:J8ZSg24Vbe5LFVxVFIAPWelSZm

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.858

Botnet

obama202

Campaign

1663062752

C2

99.232.140.205:2222

41.69.118.117:995

179.111.111.88:32101

37.210.148.30:995

47.146.182.110:443

191.97.234.238:995

64.207.215.69:443

88.233.194.154:2222

81.131.161.131:2078

86.98.156.176:993

200.161.62.126:32101

88.244.84.195:443

78.100.254.17:2222

85.114.99.34:443

113.170.216.154:443

194.49.79.231:443

193.3.19.37:443

84.38.133.191:443

175.110.231.67:443

191.84.204.214:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Claim_Letter.lnk
- Size
  
  1KB
- MD5
  
  c53b47b2e0791335f27db7d2bc8a1840
- SHA1
  
  4ccca8b640e34f78105030230df75071fe6e79a5
- SHA256
  
  f4fb6388e14d3108d5a422c26a504433700593760ff0de87eabec97841d70d09
- SHA512
  
  56c99109bbcaf12d458beb1769d72184dcf9095e5f29e7382157b1f5853f79aff1b992660a84a4ec0157270f10d9206c7640391c84e257adaea7e7777515780f
Score

3^/10
behavioral1 behavioral2
- Target
  
  about/doGive.bat
- Size
  
  42B
- MD5
  
  d8996b265c0c47c59bf8f9188f4a8827
- SHA1
  
  0f1488177c0d4ac8f290f8272c33a4373bfe3cec
- SHA256
  
  1f568e59207d9cd0ab504cf40f59a5f5bea5c1ff0dcf93755c508ac565c6b8e7
- SHA512
  
  584d2903a44e05f34a39ba511437ebd4ed8fe0bbef0a842f317f4cfe3b68f09fe1ca60abb64476801067ab93c4bf64ad1afadbc6c518ceb4e822ab6dd7c78548
Score

1^/10
behavioral3 behavioral4
- Target
  
  about/justFirst.db
- Size
  
  368KB
- MD5
  
  aaabcb8c5464c4fdb6d72816f77f3b65
- SHA1
  
  7397d48671bde4ef13ae59f3427f0c1a1e7977d4
- SHA256
  
  1cbd5c3072fd99bff1408bc1f8a3b09206322de8b83b743a57efa24adefdb44f
- SHA512
  
  c5165a9e1f8185a94256bb67cf89d035f743e461795f0444208ee116df53bec5633673527cf52727462a8c543286c2f05f74dcc16078e5a1d2689ea434876546
- SSDEEP
  
  6144:0u8T9zrStWm3C3klS1gqbe5L05kVxVFInAPexY5ixyizO8wj+A:/8ZSg24Vbe5LFVxVFIAPWelSZm
Score

10^/10

qakbot obama202 1663062752 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
- Drops file in System32 directory
behavioral5 behavioral6
- Target
  
  about/wellThing.js
- Size
  
  208B
- MD5
  
  5f60c99c6a73734338667bf85b2b2b51
- SHA1
  
  b9f42f5957d21acd3dbb25d3e5fe56e939e77ca7
- SHA256
  
  f53db0cabdb1d9610afcd83f825b126a0f82175bcafbdbd422aeeb15d7f58aa3
- SHA512
  
  15c5d182c4687a3e2a34f86dbeebcdf4793ba0bb9894f2a87d02c5a4211f27417f5c5e8cd9ca0e40b640faf5061c15eeb582ef14296941e3c31098aeaeab04cd
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8