General

  • Target

    3217c9caadb949d74cc2040bcca570cd1bd33f7d6d7c33ee1c9aa85c89139aff

  • Size

    1.2MB

  • Sample

    220919-ks3dwshbg5

  • MD5

    3e8ee5e31ee468931dc10c585d4094bc

  • SHA1

    1efc937e03f6724a3e712f12a75e77bbc8670681

  • SHA256

    3217c9caadb949d74cc2040bcca570cd1bd33f7d6d7c33ee1c9aa85c89139aff

  • SHA512

    7f4816236f11454bdb9131c6ec2d73818569ef0dcee5f19e45228d1066366a182f078c7c236100b0b2f870ce1d1fc094d7e8827a01f3cb6a800e061cc0b1a28c

  • SSDEEP

    24576:Enkh72GTWnQdAww1eWzqhegMdeXBr+HSAww1eWzqhegdS:th7TWn0FAqMgKeESFAqMgd

Malware Config

Extracted

Family

qakbot

Version

403.862

Botnet

BB

Campaign

1663053540

C2

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      Document.lnk

    • Size

      1KB

    • MD5

      bc7255731e68fef87e0e109e26aedc5a

    • SHA1

      9a75d737bf834158d5005e2ec7814c96ca9c08bc

    • SHA256

      9495261e5ab8cfc077863c41e6b4391b99f5a79fd452a6bfc9784624c3c75590

    • SHA512

      04fb044b508fe4c1d2d88bcb170932d3b38e409a1934c14c741c92e5a00f39be9f7a947445bfc058b2d082f0d450a0fd2b758189b2ddf7c4da47e8d28e1bd1bc

    • Score

      3/10

    • Target

      him/fromIts.js

    • Size

      139B

    • MD5

      529ef44381ae86ddd1cfa47049c66a25

    • SHA1

      aa37742066d39650cdbc8d1fff7e32c5093dd04d

    • SHA256

      8ccaa1f6b974e1c7aa05f1bab12bac902653e07309a0944031024b420091597f

    • SHA512

      6b9d03a895436c5b6577d12be632a5048f4f8e24c55407ba264f99e6efca32f41ac8ce2145ae33b5d9eec1458a193f86446bf5a0a774df4180341851dec6324d

    • Score

      3/10

    • Target

      him/thatKnow.db

    • Size

      370KB

    • MD5

      3af4a4a28dafbb10a6637e59059015fe

    • SHA1

      224443e988d68a3e020d539854f609b32c5067e7

    • SHA256

      8b59e2de999068c78d352cb591dbae7e4495ce989615eb35607475648356ef11

    • SHA512

      dac98357101162a38de5fb3ff0bfaa2399f3b28288d7a99cb19719fd287070b0dbedf6b7fc6e39649c15e29826f3ad6d1e07e502358bb46340ec8714e64c202a

    • SSDEEP

      6144:0W94f4+mWoAwI55fMC/sLv2S2UBNlAzm+LNq6mpPh9HTk3upTfCUp:D4w1AwSpZ1S2kNWzmjDh9zk3gD

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Target

      him/thinkLike.bat

    • Size

      39B

    • MD5

      bb6771a1205834466938cf162ef67571

    • SHA1

      23a8fa73a5f15f57e4bd1f90739187c572d1f4eb

    • SHA256

      c95ff0f6ebb6b6f8e5daad0f769f751ba19e266b685769e2769874bc14d53c01

    • SHA512

      8ccbbd58534ddb33cd91540d8a391ecfda5d815c6c9f5e8e9063be0095ecc8c52fe2b90cdea80ddeff321efb4e89f1f166621afb98c5ecb340ad2faf14b7012b

    • Score

      1/10

    • Target

      of/firstOnly.bat

    • Size

      39B

    • MD5

      961b9fa9d558e479ad31dba33d13a6b7

    • SHA1

      af14e4794caa898c9c6d4ccd645954665ce9f20a

    • SHA256

      68b912125b7356126db9bd10042a6a3a4a4c53381a71340eb43a1e663ac24d89

    • SHA512

      ecad04afa9f877d8a85b3ba1e6b7c253fbffa8753254dbdbc937b309caf0f996991b56a2e51b0e53f20028fc6a81d481158cf382aa5897d265a6bbd73d06354d

    • Score

      1/10

    • Target

      of/thanAlso.js

    • Size

      138B

    • MD5

      61398891ac7f709e1ffd5bc34674a2d0

    • SHA1

      af927a51d3435c133e3a155718769281f7b138b3

    • SHA256

      0655400d9b638c6b2af5138ea28b758048d1316e156826a7df936e56acc52aa4

    • SHA512

      214b19bfdcbf6d06830bcfd0e2f4f2c4209844cf70f2e175df14690276d9f20c875501ed5b9759359f5fc30544604b6ca243828ff9330abb8f6090e0887a0618

    • Score

      3/10

    • Target

      one/aboutNo.db

    • Size

      370KB

    • MD5

      3af4a4a28dafbb10a6637e59059015fe

    • SHA1

      224443e988d68a3e020d539854f609b32c5067e7

    • SHA256

      8b59e2de999068c78d352cb591dbae7e4495ce989615eb35607475648356ef11

    • SHA512

      dac98357101162a38de5fb3ff0bfaa2399f3b28288d7a99cb19719fd287070b0dbedf6b7fc6e39649c15e29826f3ad6d1e07e502358bb46340ec8714e64c202a

    • SSDEEP

      6144:0W94f4+mWoAwI55fMC/sLv2S2UBNlAzm+LNq6mpPh9HTk3upTfCUp:D4w1AwSpZ1S2kNWzmjDh9zk3gD

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Target

      one/lookWay.js

    • Size

      137B

    • MD5

      9f9be4989a96cd00f353ed99b2a34979

    • SHA1

      64fa5add5da08cf0a829392ef06ef82e7e1ce009

    • SHA256

      519f112b75dc648086aaa81afe9312ce37d15e3531ed421ad0b334be99df4ac1

    • SHA512

      055da0c436b6dc097a718763c31fc93eb34a165589365a3ca2eb70e6242eb0e6bc76bb8fbbcf84bfa35591a06d37be38bf8e6eec7e0b43a02d7621366e120f00

    • Score

      3/10

    • Target

      one/thisSee.bat

    • Size

      38B

    • MD5

      1fe46ce8e6b40b47156089326574a875

    • SHA1

      7bca2f63c5e284bd555f23a25431d69d6332c086

    • SHA256

      adf18ec34361bc635f771e246b86d1d8d620ddfab814173279a648207cde9947

    • SHA512

      607b42b627f3237c50649ad83d77c70f76c0954b938805df51aabe8620d734b948d9190aa8d144d87944e7a175a3f9a3c67c6540bfdea2a7b71f495b8a0457d6

    • Score

      1/10
