General

  • Target

    Claim_Letter#574770.iso

  • Size

    430KB

  • Sample

    220916-jd5d9safgm

  • MD5

    983889e536973d7bb343170b47f212e6

  • SHA1

    9c74baaf676612c0682d748b9edda37e03391b31

  • SHA256

    05198fc4aef924a86fdd27e4f5cf42bb7d7f223b130e0a18c3e621db1550f6e1

  • SHA512

    e259cd31e9a8ed458cbbb05e88565083b601ae4a36a74c7860e18284f7f162ef508281e4c16f0e1c4644cbe60c2c9be49977a2a97f318abb690ee958b8271304

  • SSDEEP

    6144:gu8T9zrStWm3C3klS1gqbe5L05kVxVFInAPexY5ixyizO8wj+A:78ZSg24Vbe5LFVxVFIAPWelSZm

Malware Config

Extracted

Family

qakbot

Version

403.858

Botnet

obama202

Campaign

1663062752

C2

99.232.140.205:2222

41.69.118.117:995

179.111.111.88:32101

37.210.148.30:995

47.146.182.110:443

191.97.234.238:995

64.207.215.69:443

88.233.194.154:2222

81.131.161.131:2078

86.98.156.176:993

200.161.62.126:32101

88.244.84.195:443

78.100.254.17:2222

85.114.99.34:443

113.170.216.154:443

194.49.79.231:443

193.3.19.37:443

84.38.133.191:443

175.110.231.67:443

191.84.204.214:995

Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP
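The extracted config above is mostly useful as a network IOC list: twenty ip:port pairs, a botnet label and a campaign timestamp. The block below is an added example, not part of the sandbox report, that turns that list into something a defender can run: it parses the pairs (rejecting malformed entries), decodes the campaign timestamp, flags the non-standard ports that make cheap detection pivots, emits one Suricata rule per endpoint, and matches the endpoints against a few constructed firewall log lines. The log format, the source addresses and the SID range are assumptions for the example; the C2 entries are copied verbatim from the report.

```python
"""Work the extracted Qakbot config into network detections.

Added example; C2 entries are copied from the report, everything else
(log format, sample log lines, SID base) is constructed for illustration.
"""
import ipaddress
import re
from collections import Counter
from datetime import datetime, timezone

# ip:port list exactly as extracted by the sandbox.
C2_RAW = """
99.232.140.205:2222
41.69.118.117:995
179.111.111.88:32101
37.210.148.30:995
47.146.182.110:443
191.97.234.238:995
64.207.215.69:443
88.233.194.154:2222
81.131.161.131:2078
86.98.156.176:993
200.161.62.126:32101
88.244.84.195:443
78.100.254.17:2222
85.114.99.34:443
113.170.216.154:443
194.49.79.231:443
193.3.19.37:443
84.38.133.191:443
175.110.231.67:443
191.84.204.214:995
"""
CAMPAIGN_TS = 1663062752  # "Campaign" field from the extracted config
BOTNET = "obama202"


def parse_c2(raw: str) -> set[tuple[str, int]]:
    """Parse 'ip:port' lines into (ip, port) tuples; raise on anything malformed."""
    out = set()
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        host, _, port = line.rpartition(":")
        ip = ipaddress.ip_address(host)  # ValueError on garbage
        port_n = int(port)
        if not 0 < port_n < 65536:
            raise ValueError(f"bad port in {line!r}")
        out.add((str(ip), port_n))
    return out


C2 = parse_c2(C2_RAW)


def campaign_date(ts: int = CAMPAIGN_TS) -> str:
    """Qakbot's campaign field is a Unix timestamp; render it as UTC ISO-8601."""
    return datetime.fromtimestamp(ts, timezone.utc).isoformat()


def unusual_ports(c2: set[tuple[str, int]] = C2) -> Counter:
    """Ports other than 443/993/995: normal clients rarely speak TLS on these."""
    return Counter(p for _, p in c2 if p not in (443, 993, 995))


def suricata_rules(c2: set[tuple[str, int]] = C2, base_sid: int = 9000001) -> list[str]:
    """One alert rule per endpoint (SID range is an assumption; pick your own)."""
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"Qakbot C2 {BOTNET} {ip}:{port}"; sid:{base_sid + i}; rev:1;)'
        for i, (ip, port) in enumerate(sorted(c2))
    ]


# Constructed firewall log shape: "<ts> src=<ip>:<port> dst=<ip>:<port> action=<x>"
LOG_RE = re.compile(r"src=(?P<sip>[\d.]+):(?P<sport>\d+)\s+dst=(?P<dip>[\d.]+):(?P<dport>\d+)")


def match_logs(lines, c2: set[tuple[str, int]] = C2, ip_only: bool = False) -> list[tuple[int, str, int]]:
    """Return (line_no, dst_ip, dst_port) for connections to a listed C2.

    ip_only=True also catches the same host on a different port, which Qakbot
    bots do rotate; it trades a little noise for coverage.
    """
    ips = {ip for ip, _ in c2}
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue  # unparsable line: skip rather than crash the sweep
        dip, dport = m["dip"], int(m["dport"])
        if (dip, dport) in c2 or (ip_only and dip in ips):
            hits.append((n, dip, dport))
    return hits


# Constructed sample log: two true C2 hits, one benign TEST-NET destination,
# one C2 host on a port not in the config, one garbage line.
SAMPLE_LOG = [
    "2022-09-16T10:12:31Z src=10.0.0.15:51022 dst=99.232.140.205:2222 action=allow",
    "2022-09-16T10:12:40Z src=10.0.0.15:51023 dst=203.0.113.10:443 action=allow",
    "2022-09-16T10:13:02Z src=10.0.0.22:49811 dst=41.69.118.117:995 action=allow",
    "2022-09-16T10:13:05Z src=10.0.0.22:49812 dst=41.69.118.117:80 action=deny",
    "malformed line with no fields",
]

if __name__ == "__main__":
    print("campaign:", campaign_date())
    print("unusual ports:", dict(unusual_ports()))
    for hit in match_logs(SAMPLE_LOG):
        print("C2 contact:", hit)
```

Two caveats when using the list operationally: the campaign field decodes to 13 September 2022, and Qakbot's first-tier C2 addresses are mostly compromised residential or SOHO hosts that churn within days of a campaign, so hashes and the port pattern (TLS to 2222, 2078, 32101) age far better than the raw IPs.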

Targets

    • Target

      Claim_Letter.lnk

    • Size

      1KB

    • MD5

      aa0962a092e578723e497df512bb588e

    • SHA1

      e6a8bbfb03733d1f81a35015ae68dd6746d1989f

    • SHA256

      9978c4b831cfc562de2d1f07e13d64dd08095b57b599cd670660c57d91070a6c

    • SHA512

      94f94f1e1c77a7b9ae1311a289949406f82bd96004e0ff3161b17357bbc40c82fb38fa02b5cf7c69e381b979be33694d23bc2234ff86d9c12566cc6083f16b71

    Score
    3/10
    • Target

      about/thanCan.js

    • Size

      211B

    • MD5

      871dbba16a844db1cb3b8705fa9c8d72

    • SHA1

      226cec234ee83e5aa2680ebaf2e794e8a98e4d22

    • SHA256

      7a3c1c5df8c4a7f1f38bc56ec4832e43e9acce81652d7057b99eb334519fc4e3

    • SHA512

      ef32dd51f1c5a70c5b91d73c1ff13447d7538fc342b6e8cb24aa5d696cafa210cf22ca14824b0337146cdbc89c4015cdaf2a68984130a829ae5546cd52e3862a

    Score
    1/10
    • Target

      about/themAnd.db

    • Size

      368KB

    • MD5

      aaabcb8c5464c4fdb6d72816f77f3b65

    • SHA1

      7397d48671bde4ef13ae59f3427f0c1a1e7977d4

    • SHA256

      1cbd5c3072fd99bff1408bc1f8a3b09206322de8b83b743a57efa24adefdb44f

    • SHA512

      c5165a9e1f8185a94256bb67cf89d035f743e461795f0444208ee116df53bec5633673527cf52727462a8c543286c2f05f74dcc16078e5a1d2689ea434876546

    • SSDEEP

      6144:0u8T9zrStWm3C3klS1gqbe5L05kVxVFInAPexY5ixyizO8wj+A:/8ZSg24Vbe5LFVxVFIAPWelSZm

    • Qakbot/Qbot

      Qakbot (Qbot) is a banking trojan and malware loader with worm-like lateral-movement capabilities; here it is the 368KB DLL inside the ISO, reached via the LNK, the .bat and the .js stage files listed on this page.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Target

      about/thereTell.bat

    • Size

      40B

    • MD5

      a75e0405cf5233e25dfb843359ef04e7

    • SHA1

      7899569b2e193f0b11772aa7c61b5c973cdabc1e

    • SHA256

      69ea0df9825803e2f4553c231bd7f454daf6db1033a9b2fa9c70713de933eb84

    • SHA512

      b940ee11c089347eafb583b68ccc9e9b6337859c71848e46c9de17ae797c27fd43de0a0ee365047eff2241e957cf57a3c7171040b604d7afd6366348338002ce

    Score
    1/10
