qakbot | 7c486c9c98e675989a708d7203aff92135c2d15dde7b9ba043a01e35d9cb7e83

General

Target

Cancellation#4203.iso
Size

1.1MB
Sample

221026-yvzyfaghgk
MD5

9793490bcc71806e6709c4fa00ee3041
SHA1

5a6817ebc5966e540ff21754f311f3c0365fef17
SHA256

7c486c9c98e675989a708d7203aff92135c2d15dde7b9ba043a01e35d9cb7e83
SHA512

d56e2b15ff2ae463cc211ba90c4a5921745f406c711b0422bd789bb4f405ccf6f3735c084855646a4fbc02dfafc747e075483aa44e646fc0028c28f1fdb1552e
SSDEEP

24576:fJGcu/THHWHgHHMw0wywOw0wJHwAHy2w9xwUw0HSwVwUwmCdhZtZQefT+K:jOTHHWHgHHMw0wywOw0wJHwAHy2w9xwj

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.1051

Botnet

obama217

Campaign

1666765529

C2

197.204.53.242:443

105.106.60.149:443

102.159.110.79:995

64.207.237.118:443

156.216.134.70:995

180.151.116.67:443

190.199.97.108:993

206.1.203.0:443

186.188.96.197:443

206.1.128.203:443

201.249.100.208:995

190.75.151.66:2222

198.2.51.242:993

90.165.109.4:2222

71.199.168.185:443

181.56.171.3:995

43.241.159.148:443

41.103.1.16:443

24.207.97.117:443

105.157.86.118:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Cancellation.lnk
- Size
  
  1KB
- MD5
  
  71bcab185f3d00fa6f7950fbfd0f907c
- SHA1
  
  80e7eab2d92460af60cd04e48b3a888a9fc01d66
- SHA256
  
  c81003d021de920a8be55d0bbee5f2745935950904b81611d344a85082e2dabe
- SHA512
  
  b2fb466dce154d348f1d48d183215c1a4f300d8cb215432495f9106115def342ab2f4be9661f22c6490776096915eb22d44fca6eeee9540edfb083e1b2b4283e
Score

10^/10

qakbot obama217 1666765529 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1
- Target
  
  inexhaustive/friendless.dat
- Size
  
  420KB
- MD5
  
  d780da82fb5c0e19a7086544d05cef1c
- SHA1
  
  0a876d40830a3c6d32e60634b2a9fdff1cc0da63
- SHA256
  
  65166badb92cb1443665210afbb0002975009158a5af0c811acb457577eaa4cb
- SHA512
  
  23a6272f34f9809eb9cbf5e45b970cf6b1a46c3298f29d88ddc32c28fe695a21ebd60babe83385c222107e41135260f035cdd212fb3454819ede9dca96a4c630
- SSDEEP
  
  6144:5MVSKlGqB/JXPX+c5BLrgq/6qot7FZyRxJt2gRxhYU1sNmcvVR2l2HM+LJUaoF2:OVPlBJXWcLkq/GNU1E1T5Hb1
Score

10^/10

qakbot obama217 1666765529 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral2
- Target
  
  inexhaustive/paranoiac.cmd
- Size
  
  331B
- MD5
  
  e7747c6b3636a47b3c50d506d4c5243a
- SHA1
  
  a27be34c6cf749934c62dfa38b25674339a64166
- SHA256
  
  7bdcfaa5d2729fbedad81b0fd73080d93d3f684c89f530465cf8647dd64eb913
- SHA512
  
  8029dfd449b5f31891b4d7978fee1e274f005618b2839f5c151566f5473e596a09e959dc052c9e5069d1b3bf57c0adac9d38cf551bf1c2ac2c1770c5d7fe7e5f
Score

1^/10
behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3