qakbot | 456012a585a2320e798cd0cab4d66221cdd1a4cec1084993aac262a045586c56

Sharing

Copy URL

Twitter E-mail

General

Target

456012a585a2320e798cd0cab4d66221cdd1a4cec1084993aac262a045586c56
Size

430KB
Sample

220919-ks3pnahbg6
MD5

6e2eae735721ceaa59b967810fb5b44f
SHA1

7390800e71325753ae472815e8b5c653a99d6fb1
SHA256

456012a585a2320e798cd0cab4d66221cdd1a4cec1084993aac262a045586c56
SHA512

bde0544e0807afe48a97fae13348295b4be1d5d9e59c6c45878c7c1fc997e591ab956ce86a527848d6b43e76d3576fc47ac2a5dc0c6974b0512bc0d7659051be
SSDEEP

6144:eu8T9zrStWm3C3klS1gqbe5L05kVxVFInAPexY5ixyizO8wj+A:J8ZSg24Vbe5LFVxVFIAPWelSZm

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.858

Botnet

obama202

Campaign

1663062752

99.232.140.205:2222

41.69.118.117:995

179.111.111.88:32101

37.210.148.30:995

47.146.182.110:443

191.97.234.238:995

64.207.215.69:443

88.233.194.154:2222

81.131.161.131:2078

86.98.156.176:993

200.161.62.126:32101

88.244.84.195:443

78.100.254.17:2222

85.114.99.34:443

113.170.216.154:443

194.49.79.231:443

193.3.19.37:443

84.38.133.191:443

175.110.231.67:443

191.84.204.214:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  456012a585a2320e798cd0cab4d66221cdd1a4cec1084993aac262a045586c56
- Size
  
  430KB
- MD5
  
  6e2eae735721ceaa59b967810fb5b44f
- SHA1
  
  7390800e71325753ae472815e8b5c653a99d6fb1
- SHA256
  
  456012a585a2320e798cd0cab4d66221cdd1a4cec1084993aac262a045586c56
- SHA512
  
  bde0544e0807afe48a97fae13348295b4be1d5d9e59c6c45878c7c1fc997e591ab956ce86a527848d6b43e76d3576fc47ac2a5dc0c6974b0512bc0d7659051be
- SSDEEP
  
  6144:eu8T9zrStWm3C3klS1gqbe5L05kVxVFInAPexY5ixyizO8wj+A:J8ZSg24Vbe5LFVxVFIAPWelSZm
Score

3^/10
behavioral1 behavioral2
- Target
  
  Claim_Letter.lnk
- Size
  
  1KB
- MD5
  
  fec843c183a82e5fe4b99f97139253ef
- SHA1
  
  912969f75798d847b57b6cf7ae34607807e0c1e5
- SHA256
  
  b2295eb84ccefcbebd32413ce2d72f9ed187b5dfe1f58b38012f0be27b198625
- SHA512
  
  94fec177e669d159a851b23fdb967c8291ad363bb9c132c6d9d2eb6714fe1974520f6be21ffa836d4e37ae07d848a600b8667ccefa86253b699c44311099e720
Score

3^/10
behavioral3 behavioral4
- Target
  
  about/myOf.js
- Size
  
  208B
- MD5
  
  82137f0f264492a86a80bb9e89673de6
- SHA1
  
  f38b8e5ae4b26ed3186c80f8f3bf9867de0d9b77
- SHA256
  
  74a4cd16cb6035dc627b294c027405f0e9826c787238ce6b508ff128cc72cf15
- SHA512
  
  266e5d857c8b150e6ab2714532c911a652d9cabb58273a2b708b4cd87127ba694ca61a164dfcd4da50383182bada386af0b294c2c397c6f0380a9ba74ed730c8
Score

3^/10
behavioral5 behavioral6
- Target
  
  about/thereIn.db
- Size
  
  368KB
- MD5
  
  aaabcb8c5464c4fdb6d72816f77f3b65
- SHA1
  
  7397d48671bde4ef13ae59f3427f0c1a1e7977d4
- SHA256
  
  1cbd5c3072fd99bff1408bc1f8a3b09206322de8b83b743a57efa24adefdb44f
- SHA512
  
  c5165a9e1f8185a94256bb67cf89d035f743e461795f0444208ee116df53bec5633673527cf52727462a8c543286c2f05f74dcc16078e5a1d2689ea434876546
- SSDEEP
  
  6144:0u8T9zrStWm3C3klS1gqbe5L05kVxVFInAPexY5ixyizO8wj+A:/8ZSg24Vbe5LFVxVFIAPWelSZm
Score

10^/10

qakbot obama202 1663062752 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  about/withIt.bat
- Size
  
  40B
- MD5
  
  9410e94f5f838ff8340c717a2c127f16
- SHA1
  
  43aa7324b52799f45b28be58466367666e154f3a
- SHA256
  
  525ad5d9443d1643254ea78d57effb2f869e310839f7ae91cf08c12f0c61fdb2
- SHA512
  
  e12d57dba22f8802f23f295c0b232df3d80f3393bec4cba917e02662e4e7f1c94193a8d91a3870050667b4eb0cb7eb9314b444a97309dec325b198b444d5aef4
Score

1^/10
behavioral9 behavioral10

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10