qakbot | 76e2469c7a3140a0766ea651b88495c5ae4cfbdedcc0ec908f24471d0e36584f

General

Target

Claim_Letter#541804.zip
Size

237KB
Sample

220914-t8hh4aaha8
MD5

4324bf871f2946f77eea9ca9a1c6d3c1
SHA1

c78421e611d3b0f3137ac7dada12fe95cf3f3ec8
SHA256

76e2469c7a3140a0766ea651b88495c5ae4cfbdedcc0ec908f24471d0e36584f
SHA512

de31c69d02e48785c2966e2838b54f0f5cae8d0c5b904aa6c0f9eb203265e5032774efebe59131452db92ad7b56c26533aafeb5c296b6c7082988e252fd7a568
SSDEEP

6144:FMV6VZFv0Xzn1DDEXMSW/W8WSUV5qpKS4zK/gG3xAtLVk:FMYf0Xzn+Ydiu5CZ+

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.858

Botnet

obama202

Campaign

1663062752

C2

99.232.140.205:2222

41.69.118.117:995

179.111.111.88:32101

37.210.148.30:995

47.146.182.110:443

191.97.234.238:995

64.207.215.69:443

88.233.194.154:2222

81.131.161.131:2078

86.98.156.176:993

200.161.62.126:32101

88.244.84.195:443

78.100.254.17:2222

85.114.99.34:443

113.170.216.154:443

194.49.79.231:443

193.3.19.37:443

84.38.133.191:443

175.110.231.67:443

191.84.204.214:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Claim_Letter.lnk
- Size
  
  1KB
- MD5
  
  9eafb6b85708e156a32aff880054f1e4
- SHA1
  
  762d6dc702c5294d0f22b232c93d7c5ce283496b
- SHA256
  
  a76d39a93955d11b4eaca9c24a698e980677335282f9415d1d68cd4cff56a08e
- SHA512
  
  115200e27b4c3d477e47b2e06924ead024b5e0cf671365de8161c4d9e8728093d0b8f1915f371545618ed3e78cb7b751b654673f1830ad8f7071f5ce761548a7
Score

3^/10
behavioral1 behavioral2
- Target
  
  about/becauseTo.bat
- Size
  
  39B
- MD5
  
  a98f6ad172d7d4f955455c9df1e5ca01
- SHA1
  
  e9f48c28238f9d4db825109b0c8486848889454e
- SHA256
  
  ee8675a75c45a85676c46b93b49ac87583d740d55d837710c8bf6f8bd3231fbf
- SHA512
  
  2d3a606858927efd11888abdb4eaffc028db113aac19d5b397fea3926751c358534e55df49afff9f56b21938d27d94a86eed0989983bc75b0610d51951d09a81
Score

1^/10
behavioral3 behavioral4
- Target
  
  about/itThis.db
- Size
  
  368KB
- MD5
  
  aaabcb8c5464c4fdb6d72816f77f3b65
- SHA1
  
  7397d48671bde4ef13ae59f3427f0c1a1e7977d4
- SHA256
  
  1cbd5c3072fd99bff1408bc1f8a3b09206322de8b83b743a57efa24adefdb44f
- SHA512
  
  c5165a9e1f8185a94256bb67cf89d035f743e461795f0444208ee116df53bec5633673527cf52727462a8c543286c2f05f74dcc16078e5a1d2689ea434876546
- SSDEEP
  
  6144:0u8T9zrStWm3C3klS1gqbe5L05kVxVFInAPexY5ixyizO8wj+A:/8ZSg24Vbe5LFVxVFIAPWelSZm
Score

10^/10

qakbot obama202 1663062752 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
- Drops file in System32 directory
behavioral5 behavioral6
- Target
  
  about/youBe.js
- Size
  
  211B
- MD5
  
  9e8f367bbef4e0f4327baaed0b3f687f
- SHA1
  
  ac694f86cea5c29a08cb581fa341f3408df84468
- SHA256
  
  ae415b3061f5a102f0516e1e11a6ebcd9172d29e014d3b69521b94a816aacf3a
- SHA512
  
  8534b6f15835b46bf0d70e53a49093ee3a7d328d6314a5fd1e8bd939014e32522c033c967826bdc721797cea7341f4640c6d5fe25bc3bd4d54e8acb275992408
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8