qakbot | cee956038bcec60007a1198020c3560eb71dd4a591498e5aa6603a9bd9d67d39 | Triage

Resubmissions

02-11-2022 05:26

221102-f43ftahfa8 10

02-11-2022 05:07

221102-fr4hcaabgr 1

Sharing

General

Target

4bdea857-2723-43d7-8da5-03c7fb56659e.html
Size

940KB
Sample

221102-f43ftahfa8
MD5

4b335b791af433796e92606bb7fdcf0b
SHA1

1edaf4c53972fc465a88626560c21e06b8ef1455
SHA256

cee956038bcec60007a1198020c3560eb71dd4a591498e5aa6603a9bd9d67d39
SHA512

1c0765bed89a2ea066efc1d583125fa8b7fdcfcf2b56e6c911e9dfb3a89f2f9835bb279a5deabeb456a6bff18d0d9b40514e483978624c6661672881e6d80743
SSDEEP

24576:SXDkWtgzB6vPfcReKb/Rvr7A/4Sx2h9hRRVe:7A8rv4/+A

Score

10^/10

qakbot obama217 1666765529 banker persistence stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.1051

Botnet

obama217

Campaign

1666765529

C2

197.204.53.242:443

105.106.60.149:443

102.159.110.79:995

64.207.237.118:443

156.216.134.70:995

180.151.116.67:443

190.199.97.108:993

206.1.203.0:443

186.188.96.197:443

206.1.128.203:443

201.249.100.208:995

190.75.151.66:2222

198.2.51.242:993

90.165.109.4:2222

71.199.168.185:443

181.56.171.3:995

43.241.159.148:443

41.103.1.16:443

24.207.97.117:443

105.157.86.118:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  4bdea857-2723-43d7-8da5-03c7fb56659e.html
- Size
  
  940KB
- MD5
  
  4b335b791af433796e92606bb7fdcf0b
- SHA1
  
  1edaf4c53972fc465a88626560c21e06b8ef1455
- SHA256
  
  cee956038bcec60007a1198020c3560eb71dd4a591498e5aa6603a9bd9d67d39
- SHA512
  
  1c0765bed89a2ea066efc1d583125fa8b7fdcfcf2b56e6c911e9dfb3a89f2f9835bb279a5deabeb456a6bff18d0d9b40514e483978624c6661672881e6d80743
- SSDEEP
  
  24576:SXDkWtgzB6vPfcReKb/Rvr7A/4Sx2h9hRRVe:7A8rv4/+A
Score

10^/10

qakbot obama217 1666765529 banker persistence stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotobama2171666765529bankerpersistencestealertrojan