Resubmissions

  • 26-09-2022 22:23  220926-2at38sdbhl  10

  • 26-09-2022 19:56  220926-ynv1xabhd5  10

  • 26-09-2022 18:58  220926-xmwqdabgd6  10

  • 26-09-2022 12:36  220926-ps571abhhq  10

General

  • Target

    Art#4376.zip

  • Size

    605KB

  • Sample

    220926-ynv1xabhd5

  • MD5

    6a793a5e8c1ab979df01b4dccde9ca32

  • SHA1

    17deb587031196f62b8d3a53c60541fd0959457d

  • SHA256

    2827772c694257f02892bfc37635cb4f7e873e598bdca9a3e43bc5dd92709543

  • SHA512

    9fe9b6a57667a2c414b32efd91e764e2ce001fb851b44bb467bd113f0a1e518f448e94d1d3fa7ad10db247cf1d065d4efabed8964bab7631a4223b3afd0fb989

  • SSDEEP

    12288:R5WRiTvdfmH2KzulB3vzZDGUIex97hr7fcrPdmgTL5qnQWW3BEKzqzccp/8H:R5L1T3vzZaCPJErPk0wn1wEIqzU

Malware Config

Extracted

  • Family

    qakbot

  • Version

    403.895

  • Botnet

    BB

  • Campaign

    1664184863

C2


Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks