qakbot | 3194e29f73db80f32b9174fd1a7088ebef43017eb3f512af00eebc0e41b036a3 | Triage

Sharing

General

Target

Calculation#5887(Sep16).html
Size

745KB
Sample

220916-xf2ytagde3
MD5

888b441296e0a7347202001f9ddaf7ea
SHA1

17aa01bd9cd18509660e5d6ffb5ac7d1d4b8c6ca
SHA256

3194e29f73db80f32b9174fd1a7088ebef43017eb3f512af00eebc0e41b036a3
SHA512

fb60ca1fa1b97ea96e5b371ebd204524527390c4c1b9a73bc7845c5f38525fc127f358281d0c182deeb96449df773228ee14ca27f13e9bfbe2d14539a411c258
SSDEEP

12288:zLetYurAV7RQAbmkQEdgk4D5FU5fdj+ziXCj1FtsHT:/etY2AV9QAbm/qg38fdCziCTK

Score

10^/10

qakbot obama204 1663313119 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.892

Botnet

obama204

Campaign

1663313119

C2

119.82.111.158:443

134.35.10.207:443

200.161.62.126:32101

70.51.132.197:2222

78.100.228.93:995

78.100.225.34:2222

45.51.148.111:993

186.154.92.181:443

66.181.164.43:443

217.165.85.223:993

70.49.33.200:2222

193.3.19.37:443

41.96.56.224:443

99.232.140.205:2222

88.231.221.198:995

76.169.76.44:2222

68.53.110.74:995

196.64.237.138:443

190.44.40.48:995

72.88.245.71:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Calculation#5887(Sep16).html
- Size
  
  745KB
- MD5
  
  888b441296e0a7347202001f9ddaf7ea
- SHA1
  
  17aa01bd9cd18509660e5d6ffb5ac7d1d4b8c6ca
- SHA256
  
  3194e29f73db80f32b9174fd1a7088ebef43017eb3f512af00eebc0e41b036a3
- SHA512
  
  fb60ca1fa1b97ea96e5b371ebd204524527390c4c1b9a73bc7845c5f38525fc127f358281d0c182deeb96449df773228ee14ca27f13e9bfbe2d14539a411c258
- SSDEEP
  
  12288:zLetYurAV7RQAbmkQEdgk4D5FU5fdj+ziXCj1FtsHT:/etY2AV9QAbm/qg38fdCziCTK
Score

10^/10

qakbot obama204 1663313119 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

qakbotobama2041663313119bankerstealertrojan