qakbot | b86bad35602d4a37b236e55a75644623b951ed70f1ae63a95805a0550662e455 | Triage

Sharing

General

Target

7993296139.zip
Size

420KB
Sample

220915-zejrysead3
MD5

8b68d51d1a74960f29e4a40da183e829
SHA1

a9857fe821cacbd6fc4605c659234ac22e64e7bd
SHA256

b86bad35602d4a37b236e55a75644623b951ed70f1ae63a95805a0550662e455
SHA512

737862f945c683ed0f355d572e96b9ab2fad9956857614e5c1bfa196dfc272bef3c766609d3109f7dbf8a8dd0db03245fc3a3606fb36005a951609113faa96e3
SSDEEP

12288:OD+4R94SgRuW0QQhxLKx30A78uv5+/oTpSqkWIoOYXyGvB:Oa4RmPtA230scoYqkWITYXZ

Score

10^/10

qakbot obama203 1663242106 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.892

Botnet

obama203

Campaign

1663242106

C2

81.131.161.131:2078

217.165.85.223:993

37.210.148.30:995

200.161.62.126:32101

78.100.225.34:2222

119.82.111.158:443

66.181.164.43:443

134.35.13.45:443

193.3.19.37:443

99.232.140.205:2222

197.94.210.133:443

87.243.113.104:995

84.38.133.191:443

14.184.97.67:443

123.240.131.1:443

194.166.207.160:995

78.168.87.170:2222

180.180.131.95:443

41.96.56.224:443

190.44.40.48:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  012b7a55c5be0892173c386d5394588310b6d24d0c5c89025dfc8fe2f1cbf19e
- Size
  
  712KB
- MD5
  
  455302a98fcbcb07b22862b05b5bcfd2
- SHA1
  
  11b8e37d233df53ac4c1eddf55a4d4ca6a4d7969
- SHA256
  
  012b7a55c5be0892173c386d5394588310b6d24d0c5c89025dfc8fe2f1cbf19e
- SHA512
  
  0c01555261fd13d3d005e67ed1cd4dad82b6bede58eee3f82a6cb5193db368ebb1df423095dd9d5c00a2851a7f17e9931ace718c24f47f036969c50753ecbfb1
- SSDEEP
  
  12288:zoo9HXS2fWUU+Ix1uF7bci2HizBI+wIe4iqSkD4NaxE5h0:8QiLF+5UCzBI+wIcLkDSaS5h0
Score

10^/10

qakbot obama203 1663242106 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

qakbotobama2031663242106bankerstealertrojan