Overview

overview

10

Static

static

AF81.iso

windows7-x64

3

AF81.iso

windows10-2004-x64

3

WW.js

windows7-x64

10

WW.js

windows10-2004-x64

10

port/standpoint.dll

windows7-x64

10

port/standpoint.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AF81.img

  • Size

    848KB

  • Sample

    221117-vx6xzsfa94

  • MD5

    a922c46bb0f120360f74230f74dccde2

  • SHA1

    1267255db34acd8d4e269c62dccc85bd7f993efd

  • SHA256

    5cb1449a38eb598597889eaef7736976a7f4ed55d3f323c4cdb73e375b084653

  • SHA512

    d97d4380b00f7637d136430aacbde62ff374dfcc9a6d41236747c16aeadb7baf3f93a4cae9536125ca8d1bb5b7d2cd3fe44c602507b1b2466d9175e6178bc016

  • SSDEEP

    12288:hoJVN9gjGfBlaYUWlaVxbYUGOpGPq1Tu/VxdZlUP9Xq4F/9:hoJVN9gjkyW8wWpD9u/VLM9Xq4n

Score
10/10
qakbotbb061668683197bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668683197

C2

23.240.47.58:995

12.172.173.82:465

91.169.12.198:32100

94.63.65.146:443

80.13.179.151:2222

64.207.237.118:443

24.206.27.39:443

83.114.60.6:2222

86.171.75.63:443

86.195.32.149:2222

170.253.25.35:443

92.185.204.18:2078

157.231.42.190:995

170.249.59.153:443

174.101.111.4:443

116.74.163.152:443

76.80.180.154:995

180.151.104.143:443

86.130.9.167:2222

86.99.15.243:2222
Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      AF81.img

    • Size

      848KB

    • MD5

      a922c46bb0f120360f74230f74dccde2

    • SHA1

      1267255db34acd8d4e269c62dccc85bd7f993efd

    • SHA256

      5cb1449a38eb598597889eaef7736976a7f4ed55d3f323c4cdb73e375b084653

    • SHA512

      d97d4380b00f7637d136430aacbde62ff374dfcc9a6d41236747c16aeadb7baf3f93a4cae9536125ca8d1bb5b7d2cd3fe44c602507b1b2466d9175e6178bc016

    • SSDEEP

      12288:hoJVN9gjGfBlaYUWlaVxbYUGOpGPq1Tu/VxdZlUP9Xq4F/9:hoJVN9gjkyW8wWpD9u/VLM9Xq4n

    Score
    3/10
    behavioral1behavioral2

    • Target

      WW.js

    • Size

      9KB

    • MD5

      c4f8779586965f9b6cc1e1f668f5174f

    • SHA1

      026bf21623c67151718ad801ef0626e5684fc87d

    • SHA256

      42c34b23e2a0b5857a11dd6cc47615780ad665b1a71880b0813db192003ba0d7

    • SHA512

      c9e05ccf6540812d607ec49d68e19dbfa1e5f64ff156d436e744060ba746e23cadd15bc2b7a9651623c6b233154648597bba9f4433535280c4f2a8dd3a04236c

    • SSDEEP

      192:jwMSLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:8Vq2k785UIro8KTMhSeYm5P2jiuuEjP4

    Score
    10/10
    qakbotbb061668683197bankerstealertrojan

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

      trojanbankerstealerqakbot

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral3behavioral4

    • Target

      port/standpoint.tmp

    • Size

      691KB

    • MD5

      1b6222f2f2c05a0f0a0a57a0dc015c93

    • SHA1

      ccad2a9544e3120e8941d0838b568efcfd9e8b6f

    • SHA256

      90f1065ee3cc1d54e4a5003c05f5648236a1a56f03e524533df60ac4fe81bd96

    • SHA512

      26052c251704de7cab384421011d2c5431893371dc1e13f4cfc8e42bc9aa14e89241094da864fe1586668ebe41ed6450830257062d20d79bc62ecf98fca831d8

    • SSDEEP

      12288:sjGfBlaYUWlaVxbYUGOpGPq1Tu/VxdZlUP9Xq4F/9:sjkyW8wWpD9u/VLM9Xq4n

    Score
    10/10
    qakbotbb061668683197bankerstealertrojan
    behavioral5behavioral6

MITRE ATT&CK Enterprise v6

Tasks