qakbot | 593c20dcf865d6b55cf7404869c92202071cb4d2972dc2784f96ff2730b59745

Sharing

Copy URL

Twitter E-mail

General

Target

722752f2-1833-4ad1-925b-83dd054aa45d.zip
Size

467KB
Sample

221027-haxpksbcfm
MD5

af3f07d3b3cdf15fb6347556fe8792c0
SHA1

3dc414dc7aa383f85e3a859f4346667c61b959bb
SHA256

593c20dcf865d6b55cf7404869c92202071cb4d2972dc2784f96ff2730b59745
SHA512

6543e5a64fc763621793d69ff84e7e42537f01886fcc438ae29b0c907c3eee275b24611734b0cffac3251928b122fab3d5c74798fc9c5baf3031e75e946fd7e3
SSDEEP

12288:yZiYBwxjV/Z2W2norU30BfkMA5ubRECvGCV3QEz:ZWcjdcOEvMAgRECv31

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.1051

Botnet

obama217

Campaign

1666765529

197.204.53.242:443

105.106.60.149:443

102.159.110.79:995

64.207.237.118:443

156.216.134.70:995

180.151.116.67:443

190.199.97.108:993

206.1.203.0:443

186.188.96.197:443

206.1.128.203:443

201.249.100.208:995

190.75.151.66:2222

198.2.51.242:993

90.165.109.4:2222

71.199.168.185:443

181.56.171.3:995

43.241.159.148:443

41.103.1.16:443

24.207.97.117:443

105.157.86.118:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Cancellation.lnk
- Size
  
  1KB
- MD5
  
  cfea0776b9ffc000adbcc6512b1be19a
- SHA1
  
  89287d1b8ef4a921748135f6dddbc9c777482202
- SHA256
  
  d3604a839f8c26970f4b61d25a5a01cc5fce2a4ccb51d4a2f6e5bc0dca2b3078
- SHA512
  
  5ed6e623e1e55c2f587c5f8571ca8c94405961825d947c0de75524875ac5eb620039176403710042987656764db033eee215fdc2a927d6b816733f4e68535c15
Score

10^/10

qakbot obama217 1666765529 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  inexhaustive/cinematic.dat
- Size
  
  420KB
- MD5
  
  68db6a42f0cd24b06b6b85fcc2e920a1
- SHA1
  
  c0b49c892a763963a013e9486d4386cbc459060f
- SHA256
  
  f57de92e2e651e8a0b41a620acce35afa554e285109f1c7c93b5639cec9c4f34
- SHA512
  
  78cf7b054f4482e53ba8ec2075604a557074cb995b5edcee2775d098689201010f3a103b73d51e2dbf3c0a6ea5e20f40f57862c0b03a4e31ff1513b303d28c77
- SSDEEP
  
  6144:5MVSKlGqB/JXPX+c9BLrgq/6qot7FZyRxJt2gRxhYU1sNmcvVR2l2HM+LJUaoF2:OVPlBJXWcnkq/GNU1E1T5Hb1
Score

10^/10

qakbot obama217 1666765529 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  inexhaustive/mottles.cmd
- Size
  
  321B
- MD5
  
  ded7bcd564459b933ad14e27226a2a29
- SHA1
  
  a2f761854b03011477299b3d821761d1913652fb
- SHA256
  
  8af455118b84ec4b48fc339da44bb2f7a6d2f42c08484ae49ea4b312e8142064
- SHA512
  
  43350be218295966525d161aad64a1c18d2f51db9c386eb26ea1a28bbb4b93d73abf5a8cd2f9f3e9fa73e7b51718e8faa2b9e12aaab503aa9575f7c37233a3a8
Score

1^/10
behavioral5 behavioral6
- Target
  
  inexhaustive/waviness.jpg
- Size
  
  61KB
- MD5
  
  980e8d60a93e3fa912d4daffea779480
- SHA1
  
  b329eb8d42f798dcdd216d32654d90a3dc48385a
- SHA256
  
  98d87b782bf26c21c0c8ad62e402d0475e1f22fba96f02453d994b643b5be174
- SHA512
  
  a34bdd17ede8f6cc0701bae9064832e095e768a7ecf652218539de666d4443720585af57a55507bf9a6878d0752a6803980c0dc1741d7b2b079bd94da3e0b051
- SSDEEP
  
  1536:222UdBqBD/jJ+d7naXHqmljv86xsqeyB9mPg6gopzGIAF:n2UdBqBTtqGqiQ6xss3mPbgoJ8F
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8