qakbot | 0a438fb94d82f00aee71e0532447e156968c5da32c6134d9be05d3604049ba29

General

Target

ComplianceReportCopy_8103.iso
Size

842KB
Sample

221026-kpnrbsfbgp
MD5

45b0ddcd5aa9fdf7f9d5511b4ca6fdaa
SHA1

1020a85798920ea525022441f7c014649c03b26e
SHA256

0a438fb94d82f00aee71e0532447e156968c5da32c6134d9be05d3604049ba29
SHA512

7591c768caf0380dd70202316236640f20bedbfac89c72e1d450c987238f558feb7d722f0e53f7ebdffe99acfac90c0773bf5e2b6a12f4b3df5444d40ef40032
SSDEEP

12288:WZvx07iKfDISZYRobaZ0UrIBfUQ0eIUM4WV6nwldJOCPrHuD51beqam3:Wta1DjZBBAgdxM4F6dMCjHuLeq

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.1051

Botnet

obama216

Campaign

1666689942

C2

24.116.45.121:443

24.206.27.39:443

71.199.168.185:443

70.115.104.126:443

190.24.45.24:995

24.9.220.167:443

68.62.199.70:443

43.241.159.238:443

113.162.196.232:443

156.217.60.239:995

197.204.70.167:443

197.202.196.43:443

24.130.228.100:443

41.109.228.108:995

64.123.103.123:443

190.193.180.228:443

24.177.111.153:443

60.54.65.27:443

189.129.38.158:2222

206.1.164.250:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  ComplianceReportCopy.lnk
- Size
  
  1KB
- MD5
  
  2bd5a02c25e5c84b0884290af6ecfcf6
- SHA1
  
  45770ea357497ffec1104d1f00dfd8314c6ed0d6
- SHA256
  
  0264a38354df68d37ab1679c1d4182d65a85b613d74a795b6fbf464209d4e4f1
- SHA512
  
  cefdd9e713d37729a3c71bd63be830de56f1ffdd7e3a0af9fe1240b9761fcf447e2ea30c9fd137908b1c8edc1b66c8ea9538f7cf489de5bfadcec29cc162251c
Score

10^/10

qakbot obama216 1666689942 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  standby/custom.dat
- Size
  
  728KB
- MD5
  
  6bbcdddf499492d20cfffd6daca37293
- SHA1
  
  cc51358976f56ee0a04913f447875714bdcc7240
- SHA256
  
  e8812e78977d58d6d52dfc7457f26b3e41b2609c97840bb04175db68522f8454
- SHA512
  
  a5f4e54225e514a107bc36878f10d16680b90269290d83c9e99925370a55645d56866390b607c34373dcf421b34238e4fac06851f6637b1385d80839dd62776d
- SSDEEP
  
  12288:9Zvx07iKfDISZYRobaZ0UrIBfUQ0eIUM4WV6nwldJOCPrHuD5:9ta1DjZBBAgdxM4F6dMCjHu
Score

10^/10

qakbot obama216 1666689942 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  standby/overbalances.cmd
- Size
  
  564B
- MD5
  
  85b3db43f35b985f813d690112a752d1
- SHA1
  
  620b98775984ce4c3c010859c8aad0d7be873f71
- SHA256
  
  9760a1c46d6c517446d97dce3f2b90aab4b938c11eb4bb3597222a0f97385dad
- SHA512
  
  daa53ace04b8581e98475f16f1b2a03e24154c25b50a6c8770996be0400eb9006c6dcba8059b7c4c5fb7d19df83ce91258eec7fcf8d8a6bd8f856983b89c2f55
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6