qakbot | 133ae75668de10509ef1d72106e05008fc3fbc8764a2f59cb0a5e98f94d83769

Sharing

Copy URL

Twitter E-mail

General

Target

EzrnVmjeEFCe8dchBuBQCPw-vIdkovWcsKXpj5TYN2k.bin
Size

474KB
Sample

221117-wqfmwsbb3v
MD5

af9daf97558368fc9a29b8ab11c39a4e
SHA1

e043026bff7c45ffd1aafc6162f477ba26898e70
SHA256

133ae75668de10509ef1d72106e05008fc3fbc8764a2f59cb0a5e98f94d83769
SHA512

9e30bdbdf9c7dc9377b3ceada8d5be4443c1538e0c7e0e0bd3f3e7d8302d98ddcb311b8e3faaf9b2d60bc3e70305291fd47675dcb9872812c6f9ec7184c8ec78
SSDEEP

12288:hpPNzvq7gRQ6I5hDH0IpzE1fV00TCTeuXdNsnM0+1pQL:htNzvIUIpzKfV7CVd+LbL

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

obama222

Campaign

1668692319

105.184.161.242:443

73.36.196.11:443

82.31.37.241:443

24.116.45.121:443

213.67.255.57:2222

200.93.14.206:2222

188.54.79.88:995

87.220.205.14:2222

72.88.245.71:443

92.137.74.174:2222

91.68.227.219:443

184.153.132.82:443

74.66.134.24:443

47.16.73.77:2222

41.97.183.39:443

177.205.92.100:2222

24.64.114.59:3389

105.111.45.51:995

86.180.222.237:2222

76.184.95.190:993

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  ContractCopy_RL43.img
- Size
  
  1.2MB
- MD5
  
  1f4ffad05c33f183a7c3d4b05d8b5490
- SHA1
  
  c1631878deeae7cfe14373a706802364148d4713
- SHA256
  
  48c524582f19877e5b0514516dc4d6501ed42f347dd819b2d0d217de545bd480
- SHA512
  
  b1be81e06bdbfe15b945e41a7c47eb14ef55e4209399da844f5e9086b8fab13e7cf8081849775d57614a1e1c2db4a9ab76e068dfc3bb8c744c0907a4a86f72c5
- SSDEEP
  
  24576:Gold7QUoTzXWdfwTTn3M9XqdX+Di317qne:7VU7Wdf6M9XmXSi317qne
Score

3^/10
behavioral1 behavioral2
- Target
  
  ContractCopy.js
- Size
  
  9KB
- MD5
  
  ecabda2f609f2c34789948c6f442213d
- SHA1
  
  a353a07085b9af5e4f7959233d9686c2a0e536c7
- SHA256
  
  64e3fca1c24f7c294834f8e1d624c4cafa58446e22bb2cb8641124e862a6347e
- SHA512
  
  bf09e4ba2d318882f0ebc0027878a21ad068b9f2ad107c697b73b4a5f6127eb10f883ac4920769fb315c4b28444da2a9b321d25685b64cc12c40b107b23c47dd
- SSDEEP
  
  192:KSLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:VVq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot obama222 1668692319 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  addled/desertions.tmp
- Size
  
  781KB
- MD5
  
  f0dd39e3d1daba6666179a03e016790a
- SHA1
  
  deda34de20353d72b6d00dfaff859a23eb812016
- SHA256
  
  6a77ef711557c24c0731625118886da22cf4f421205551dfd127e63d7f85132b
- SHA512
  
  a95a342f4338402c107b88262fb4a59abfe43e25a375378a229e5adaf7b70e8b5d504467fdc3fd0248d51d7e3468fbb387dcd7142e282f15d15734364757d6c0
- SSDEEP
  
  12288:3+ed7zMD42lTz4kgcWdf8+wawM375RGyin7ZlUP9XqcYX:Zd7QUoTzXWdfwTTn3M9XqdX
Score

10^/10

qakbot obama222 1668692319 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  addled/petrifies.png
- Size
  
  42KB
- MD5
  
  015aed9a464086abd5969db036f21396
- SHA1
  
  90ee55fcd9567a9f70c7a1dcdc8cdd89b1c29152
- SHA256
  
  bd8b8773f35a4fafd0a228312c65e01cd69ccc2347bdd52eef8df33c9aabfcd3
- SHA512
  
  227e1a55da9bbc363466f340ca295a086db38e9c891a4979fd8c2f107f8c4328f5cdb5ad73f897ecf0145968e280ea30d88cd15a21a8687f68ff6d0693e5b315
- SSDEEP
  
  768:z/2/9lPo0u692TSGVhQAtE8uN/PWom2cj2Ve26KP5cEatQSB6BJTGVPnSzIniew:D2ro+hGVbpuN/uzkTSEzBcVPDniew
Score

3^/10
behavioral7 behavioral8
- Target
  
  addled/squawked.png
- Size
  
  46KB
- MD5
  
  e7660dd10cfa426a97c62d96752a3bd1
- SHA1
  
  f784bf360cf0eddeceab40f13bd20dbe5b2f6ea1
- SHA256
  
  9e4ad465298f9604c72751d2e5ff0844362de27f9e54db6bee7e15a48e90e3d8
- SHA512
  
  c6ea35b85edf9ed2a5b8ba2b09e548373f28dc6d67e222cae1c01969e85e0791b8f9b51ed004e3d532caf31e2647c134fa9ff66554b14baed07c08769ed04683
- SSDEEP
  
  768:GNbFLL54xDAib8J1Dh4IvS4/oR0QnYPuoIi/Ry5d6by8qOcPeDBWdhtqbjX:GNbF2xDAibuyir/6nYPVIi/C6by8F+yP
Score

3^/10
behavioral10 behavioral9
- Target
  
  addled/volcanic.txt
- Size
  
  243KB
- MD5
  
  6b25aa529c238654ad9f5bdf21a64d41
- SHA1
  
  4e2d40df2e48cc072142c887f09d93fc55806844
- SHA256
  
  553f2d7be393b773af8b88d4b67d5df198944c63da7558a80acec1a8504822ba
- SHA512
  
  7e17ef586615e069bb1afe78775cfa3d7f4dc214ccdd1b05425ef04569383ab05c12b5f193e98a7d023a94f62552eed5e47d4e7587b45c5877f7555c0fea41dd
- SSDEEP
  
  3072:hwMNiMLgMEEIqd4YEdTMjk2GbEEvQMgnPdQZ:ikiUg3EIqdPEdTP2GbEEvQrn1QZ
Score

1^/10
behavioral11 behavioral12
- Target
  
  data.txt
- Size
  
  5B
- MD5
  
  2e24e01ec251c8c851897724d3469520
- SHA1
  
  0ddb51524f91c79380fbfaf345437a960c3c2428
- SHA256
  
  124880061f6255dd7b59b73613ea8d246648be1d34f860b753d4b390c51496d3
- SHA512
  
  537edd95435d2f2687a6ba41f1006bd96f8b4f2882a03f09103cd4d140df7e6116fe10a44d28dfdcd6598424ed33c16477df905a37ad3dd2e4a03784294fa1ab
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14