General

  • Target

    hola.html

  • Size

    792KB

  • Sample

    220926-tthwbacebp

  • MD5

    f8463962698412317442b7fec3e90e50

  • SHA1

    db969a6149e6e7346c18f56430b6d12fffc5ffc8

  • SHA256

    d2520eaede1f6f07a4e8d23607a5786f7e7290f30afaae3bbae0d3784a41bfbd

  • SHA512

    94715707aed563a2c128f98b83f4265a4ff376b863bc87e46d6f623ac829ff157557338c8c7645e8ad4c28a29f102dc657e61e8ea448cbfeb2d4c2822cc30704

  • SSDEEP

    12288:+73GOdabXoA27IkrwQql0tfCal/ApRt9IGase9CIZZl7X6bfEogvSeOxjKWE0:+7uXG7qQJFC93gzCSIfRU6+Wf

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

BB

Campaign

1664184863

C2

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry: T1112 (2)

  • Discovery

    Query Registry: T1012 (2)

    System Information Discovery: T1082 (3)

    Peripheral Device Discovery: T1120 (1)