qakbot | cb6389c030782452ce9db7d4cbb665de06d969ea03aa0fdd235a018d99398d04

Resubmissions

16-09-2022 16:18

220916-trxxfsbhfn 10

15-09-2022 14:37

220915-rzkkzsdda7 10

15-09-2022 12:25

220915-plm3vadae2 7

Sharing

Copy URL

Twitter E-mail

General

Target

Claim_Letter#630026(13Sep2022).html
Size

531KB
Sample

220915-rzkkzsdda7
MD5

457691291b130861f9a0bd3713cebbd2
SHA1

e953e92ffdcc6c2a0690cac3609efbd45e36ef3c
SHA256

cb6389c030782452ce9db7d4cbb665de06d969ea03aa0fdd235a018d99398d04
SHA512

bd8178ba129530de28491bb86b730233b61dffff830d341b83264905af5eb61057c47e94540f403bde002f3ed30ec33cb1c5b11a5e2a4cdbd562dcc8eb04b71a
SSDEEP

6144:bmG04xlIE4w2SJrjY82oULCyIK5Uj+N2iZ+crS12IDkw1gof4lSBusVe5Mk/D0cH:zUUxi0ZAggof4sQr0cLGu

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.858

Botnet

obama202

Campaign

1663062752

99.232.140.205:2222

41.69.118.117:995

179.111.111.88:32101

37.210.148.30:995

47.146.182.110:443

191.97.234.238:995

64.207.215.69:443

88.233.194.154:2222

81.131.161.131:2078

86.98.156.176:993

200.161.62.126:32101

88.244.84.195:443

78.100.254.17:2222

85.114.99.34:443

113.170.216.154:443

194.49.79.231:443

193.3.19.37:443

84.38.133.191:443

175.110.231.67:443

191.84.204.214:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Claim_Letter#630026(13Sep2022).html
- Size
  
  531KB
- MD5
  
  457691291b130861f9a0bd3713cebbd2
- SHA1
  
  e953e92ffdcc6c2a0690cac3609efbd45e36ef3c
- SHA256
  
  cb6389c030782452ce9db7d4cbb665de06d969ea03aa0fdd235a018d99398d04
- SHA512
  
  bd8178ba129530de28491bb86b730233b61dffff830d341b83264905af5eb61057c47e94540f403bde002f3ed30ec33cb1c5b11a5e2a4cdbd562dcc8eb04b71a
- SSDEEP
  
  6144:bmG04xlIE4w2SJrjY82oULCyIK5Uj+N2iZ+crS12IDkw1gof4lSBusVe5Mk/D0cH:zUUxi0ZAggof4sQr0cLGu
Score

10^/10

qakbot obama202 1663062752 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2