qakbot | 2930607b6d3f5eb65afe1e32ed01fb21f86dc0428c60f17696af9a3c17907a08

General

Target

Cancellation#5324.iso
Size

1.1MB
Sample

221028-r5gfhsfgg8
MD5

ac406ea9679d108dea53dbe7a8da72a1
SHA1

c654eeff5e1beac00546ae58249638e9bd228fbe
SHA256

2930607b6d3f5eb65afe1e32ed01fb21f86dc0428c60f17696af9a3c17907a08
SHA512

e34326a07c31d97792d35533da3e74124b7075b8db097b24339ffb68ae7cbf15a366d7bc3cf9ca926c281c487aec28cf895a134f6935309a94e6388bf2fe6489
SSDEEP

24576:HHHWHgHHMw0wywOw0wJHwAHy2w9xwUw0HSwVwWJGcy/LwmCdhZtZQefT+K:HHHWHgHHMw0wywOw0wJHwAHy2w9xwUwo

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.1051

Botnet

obama217

Campaign

1666765529

C2

197.204.53.242:443

105.106.60.149:443

102.159.110.79:995

64.207.237.118:443

156.216.134.70:995

180.151.116.67:443

190.199.97.108:993

206.1.203.0:443

186.188.96.197:443

206.1.128.203:443

201.249.100.208:995

190.75.151.66:2222

198.2.51.242:993

90.165.109.4:2222

71.199.168.185:443

181.56.171.3:995

43.241.159.148:443

41.103.1.16:443

24.207.97.117:443

105.157.86.118:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Cancellation.lnk
- Size
  
  1KB
- MD5
  
  3b9374935cd94fa1fff4da0b55aae984
- SHA1
  
  e0169fe516ea9f71529e0017f694047e7ffd0a8c
- SHA256
  
  c26251a93b347fc2c964a123909480ced0ebc7ab73330ca474b6d614cbc38558
- SHA512
  
  0cdf89a830df0d2949ed9e642c0f822d98f677d18a035f8cb5507aa8868325a7ce8f521e0be2538d30a264082d962451071dfe18085fb0d22506c9728d68a19b
Score

10^/10

qakbot obama217 1666765529 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1
- Target
  
  inexhaustive/restaurateurs.cmd
- Size
  
  339B
- MD5
  
  7aec72a033e5052ac7c7caeae3104f58
- SHA1
  
  127378911db6f6543d16186fb112717353eaabfc
- SHA256
  
  fd80746ce822e536bc590c1835b8cc7eb3b0baae68a1dbad6aba4df5a9f60157
- SHA512
  
  6298f286de28861a0ec159a42143c16d8f965d814b4fdc392cd45b55bff0f1c013f94479fe043cd36f6d868e6e629cb4d6f2113584507dbc2ca6826e63313ace
Score

1^/10
behavioral2
- Target
  
  inexhaustive/splotch.dat
- Size
  
  420KB
- MD5
  
  da9b22ed6872bd8d9bab010f991e88ca
- SHA1
  
  0e0219d3146892b04d4438613833a61ba14d670f
- SHA256
  
  b2d74cd95311a6b58de551727ec02eb0faea0eb220f9f85aec888170c6d8ce15
- SHA512
  
  60fee9958dbcc54d56cd6f07a1ec071c110f5fb317756d298e16a0d8a9338319ee7aaec575ac18756eebdf04485d39a1ad8fa55204387d76d54c4e8d44f9247a
- SSDEEP
  
  6144:5MVSKlGqB/JXPX+ctBLrgq/6qot7FZyRxJt2gRxhYU1sNmcvVR2l2HM+LJUaoF2:OVPlBJXWc3kq/GNU1E1T5Hb1
Score

10^/10

qakbot obama217 1666765529 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3