qakbot | 5562515625fc5fd5d96eb1e352e1001f283661c018d7d470632bbb3d1cebfcdb

General

Target

5562515625fc5fd5d96eb1e352e1001f283661c018d7d470632bbb3d1cebfcdb
Size

430KB
Sample

220919-ks31eshbg8
MD5

33b15a5828cec0d15821f3e802e2832f
SHA1

032519940442c88daba1b5f2bcd9b554f9ab5f3e
SHA256

5562515625fc5fd5d96eb1e352e1001f283661c018d7d470632bbb3d1cebfcdb
SHA512

40f02df7ba0655cc1c82f902e1ad2c55fb66e9fcb9eda78029d6a742590194c07106b3f28a7052a77ef6f29d0e6af7ad92da5205e068470988e7609be4f6e95c
SSDEEP

6144:wu8T9zrStWm3C3klS1gqbe5L05kVxVFInAPexY5ixyizO8wj+A:r8ZSg24Vbe5LFVxVFIAPWelSZm

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.858

Botnet

obama202

Campaign

1663062752

C2

99.232.140.205:2222

41.69.118.117:995

179.111.111.88:32101

37.210.148.30:995

47.146.182.110:443

191.97.234.238:995

64.207.215.69:443

88.233.194.154:2222

81.131.161.131:2078

86.98.156.176:993

200.161.62.126:32101

88.244.84.195:443

78.100.254.17:2222

85.114.99.34:443

113.170.216.154:443

194.49.79.231:443

193.3.19.37:443

84.38.133.191:443

175.110.231.67:443

191.84.204.214:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Claim_Letter.lnk
- Size
  
  1KB
- MD5
  
  9a8981f5943d243787de21421fca2b56
- SHA1
  
  4556a07f6a57cc9f124d4bb6c76d542ea03cb707
- SHA256
  
  b0c42c6dced75b20ef146933444f1d3ca500612e8b5f4c5992310dd72268ea19
- SHA512
  
  a88318119c80f2bc93587b97220e587fb2a81c8277e437cae596b90d795db64acf6953874a80fb3b0e6f8be1680239f00a2ee6168c0890158dc9d11ce4d8ccc7
Score

3^/10
behavioral1 behavioral2
- Target
  
  about/hisTwo.db
- Size
  
  368KB
- MD5
  
  aaabcb8c5464c4fdb6d72816f77f3b65
- SHA1
  
  7397d48671bde4ef13ae59f3427f0c1a1e7977d4
- SHA256
  
  1cbd5c3072fd99bff1408bc1f8a3b09206322de8b83b743a57efa24adefdb44f
- SHA512
  
  c5165a9e1f8185a94256bb67cf89d035f743e461795f0444208ee116df53bec5633673527cf52727462a8c543286c2f05f74dcc16078e5a1d2689ea434876546
- SSDEEP
  
  6144:0u8T9zrStWm3C3klS1gqbe5L05kVxVFInAPexY5ixyizO8wj+A:/8ZSg24Vbe5LFVxVFIAPWelSZm
Score

10^/10

qakbot obama202 1663062752 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  about/ifFirst.bat
- Size
  
  39B
- MD5
  
  a2b8b3272d75f19c7e57363f6faa6e4e
- SHA1
  
  f6175276e72fbe481a5a515b3fe8cdafe396de69
- SHA256
  
  177d779a400ec66f1726b5905fe92fb7e6cb8cb4b1948239fbe5a2c2dd5958d6
- SHA512
  
  12180ac85e7c7cd72a6cacac7c4d22d5ba7152fe3331796ae08a16f1c47fb267d3f2df4c059a8ae914ba7681b23c80b29fb8f69526f636f181c872656af2a94a
Score

1^/10
behavioral5 behavioral6
- Target
  
  about/inKnow.js
- Size
  
  209B
- MD5
  
  843c9e7910bdaa7c60f9f52cfcc1441f
- SHA1
  
  ea8d58aaa4cfddcdc02fe2ceef8015e2092203e8
- SHA256
  
  a560e333c9054268b4dfd1aa4d1c2993767cc2a2297af49e79ad616d453902cb
- SHA512
  
  dc4643341d4ce835c36750e6268e1bdc5ebfc2f1a94f11decedb315003c68d41e83d016176c6f03157c5f76ba3d145c2ce3966dbdb87ec85e282fbaf4ae3296f
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8