qakbot | c71fea377c4d748bfa475d91fe17ce6f53fcfdd5abd6c54641eb7a25d0827165 | Triage

Sharing

General

Target

8409557411.zip
Size

646KB
Sample

221117-x85keabd5z
MD5

f0e9fbef389f57b29566a2b124a74030
SHA1

530ce016c4dfbbd2ce4c9e5cf70b419cd64bc046
SHA256

c71fea377c4d748bfa475d91fe17ce6f53fcfdd5abd6c54641eb7a25d0827165
SHA512

b41e96503376a9cb5885a942e059ace8f59ad2ff55ef960aaadf1b754f052762684eb0f80aafcf41cacfb5a184d178677eb82a880f658248515da7603f75f4e3
SSDEEP

12288:SsGCtcjnMWnymZN75eTbpks8wH30cd2aLrO8SYFuam1ZXwChhy:VGCtnWpjeJ8wH30ifrO8ZFuLXwKhy

Score

10^/10

qakbot obama209 1664963577 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.914

Botnet

obama209

Campaign

1664963577

C2

197.94.67.207:443

197.11.134.255:443

45.227.251.167:2222

68.83.169.91:443

41.107.77.67:443

197.204.247.7:443

197.158.89.85:443

186.64.67.6:443

41.251.121.35:443

113.169.187.159:443

41.109.11.80:443

42.189.12.36:80

134.35.9.209:443

181.164.194.228:443

82.12.196.197:443

163.182.177.80:443

41.97.65.51:443

61.166.221.46:995

105.158.118.241:8443

186.86.212.138:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  c39dd6590774e2d5d2f9bc94cfa6c812a4918a8e8df96337e268b516349483e2
- Size
  
  902KB
- MD5
  
  995ee1df4bc961a577adc65e9bf07ecc
- SHA1
  
  09c76b23acf21dd34e4f3dfdbebb4c8cea68191c
- SHA256
  
  c39dd6590774e2d5d2f9bc94cfa6c812a4918a8e8df96337e268b516349483e2
- SHA512
  
  36b41ee70fee8ff38f75642eb5b8ec6ac695aa9f4196f860fd3d0206fe8fa48613764af2980ef71b02d357e49c764272dd624553dc7af392f76880cfd09173f6
- SSDEEP
  
  12288:wv7zjNSEZKn6FexYXe6Vra47uSvhwldvtIFQloQ0t7GbMXaP1GMZXiR:ezx4RxCzVqjl5eCMX6GM9o
Score

10^/10

qakbot obama209 1664963577 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

qakbotobama2091664963577bankerstealertrojan