Overview

overview

10

Static

static

Cancellati...6.html

windows7-x64

1

Cancellati...6.html

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Cancellation_5506.html

  • Size

    942KB

  • Sample

    221026-xn75ssgfe9

  • MD5

    d7bccf9e17e7edc443ef3ea0e803d26e

  • SHA1

    223e47e44450914e2b429d30d35ec8e0dd4cd822

  • SHA256

    1e090419eae03ac3036dfefaa54255fe55ac450922bff0979a9dc7d2ae28eaf5

  • SHA512

    0a8385cc82ae166d6fe0bb71a30b3852a546442d633ea69b5ec969f13163db504df2cc8d3e8b78f6b74ab6c622fb2bcba06c75aba30cb116c85c3323e8baeb7e

  • SSDEEP

    12288:OmrEq8pk+NRjq3NXAgVlxV9s0bLLWoNDz1E5cfrA1fy8z9BM0tLRVe:fEb7N43lAgOmLxldwZzVRRVe

Score
10/10
qakbotobama2171666765529bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

403.1051

Botnet

obama217

Campaign

1666765529

C2

197.204.53.242:443

105.106.60.149:443

102.159.110.79:995

64.207.237.118:443

156.216.134.70:995

180.151.116.67:443

190.199.97.108:993

206.1.203.0:443

186.188.96.197:443

206.1.128.203:443

201.249.100.208:995

190.75.151.66:2222

198.2.51.242:993

90.165.109.4:2222

71.199.168.185:443

181.56.171.3:995

43.241.159.148:443

41.103.1.16:443

24.207.97.117:443

105.157.86.118:443
Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      Cancellation_5506.html

    • Size

      942KB

    • MD5

      d7bccf9e17e7edc443ef3ea0e803d26e

    • SHA1

      223e47e44450914e2b429d30d35ec8e0dd4cd822

    • SHA256

      1e090419eae03ac3036dfefaa54255fe55ac450922bff0979a9dc7d2ae28eaf5

    • SHA512

      0a8385cc82ae166d6fe0bb71a30b3852a546442d633ea69b5ec969f13163db504df2cc8d3e8b78f6b74ab6c622fb2bcba06c75aba30cb116c85c3323e8baeb7e

    • SSDEEP

      12288:OmrEq8pk+NRjq3NXAgVlxV9s0bLLWoNDz1E5cfrA1fy8z9BM0tLRVe:fEb7N43lAgOmLxldwZzVRRVe

    Score
    10/10
    qakbotobama2171666765529bankerstealertrojan

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

3
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks