Overview

overview

10

Static

static

Claim_Lett...).html

windows7-x64

1

Claim_Lett...).html

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Claim_Letter#805174(13Sep2022).html

  • Size

    531KB

  • Sample

    220914-wlvw1sbaa7

  • MD5

    bf8bcbba89f6847a966c0236333a7e40

  • SHA1

    8a7dc7c21ccb0a789f44a0bd9b91aaf11d273020

  • SHA256

    6eb9216ba70c781cd30fd6cf32b738d0619b4f5efbe2efc6f4193334dcbd0bea

  • SHA512

    aba686c4d8fc7471454ef7a657f835040e45deb69b80090da126b8b309a0c9bdb8a117b61078a2b43b18ee8d2d03ff7a3484b9e357273fc4469023291ddd28f2

  • SSDEEP

    6144:bmG04xlIE4w2SJrjY82oULCyIKoRnyj5IYBz6qgiIyvxZQBG+dfLK968bWAvplnp:zLRyj5IYxIypZX+lLcbH50OQ0s76lK+

Score
10/10
qakbotobama2021663062752bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

403.858

Botnet

obama202

Campaign

1663062752

C2

99.232.140.205:2222

41.69.118.117:995

179.111.111.88:32101

37.210.148.30:995

47.146.182.110:443

191.97.234.238:995

64.207.215.69:443

88.233.194.154:2222

81.131.161.131:2078

86.98.156.176:993

200.161.62.126:32101

88.244.84.195:443

78.100.254.17:2222

85.114.99.34:443

113.170.216.154:443

194.49.79.231:443

193.3.19.37:443

84.38.133.191:443

175.110.231.67:443

191.84.204.214:995
Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      Claim_Letter#805174(13Sep2022).html

    • Size

      531KB

    • MD5

      bf8bcbba89f6847a966c0236333a7e40

    • SHA1

      8a7dc7c21ccb0a789f44a0bd9b91aaf11d273020

    • SHA256

      6eb9216ba70c781cd30fd6cf32b738d0619b4f5efbe2efc6f4193334dcbd0bea

    • SHA512

      aba686c4d8fc7471454ef7a657f835040e45deb69b80090da126b8b309a0c9bdb8a117b61078a2b43b18ee8d2d03ff7a3484b9e357273fc4469023291ddd28f2

    • SSDEEP

      6144:bmG04xlIE4w2SJrjY82oULCyIKoRnyj5IYBz6qgiIyvxZQBG+dfLK968bWAvplnp:zLRyj5IYxIypZX+lLcbH50OQ0s76lK+

    Score
    10/10
    qakbotobama2021663062752bankerstealertrojan

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks