General

  • Target

    WO07.img

  • Size

    970KB

  • Sample

    221118-d36ezage74

  • MD5

    51df89f5ef0fbddfefece984e0fe31c8

  • SHA1

    36e12c0e342cfca757e1460648c05c13e42a64e2

  • SHA256

    a418225b8f8d14e1ebf55c553bdc8065f90dcd6e29dc647499fcf3cd52f95756

  • SHA512

    4436f9b8f0ff8aa29ec57bfb4bd0af60a0d4303c1ff1ea1d4787d6a278d69018d17c30c6b35f2cd2dfb20e43d80bc554b096d6d59a30f0251f2ae63180cc9c49

  • SSDEEP

    12288:aoEKwnONVvoo6F+DfZxL4+Dir8lkQ5z4hbsmKFX4GfOs5VBNYRbWAUWWvoYPiwBP:aoEKw9o6F+DRt4Tr8lkBhYp2QOU

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668670510

C2


Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      WO07.img

    • Size

      970KB

    • MD5

      51df89f5ef0fbddfefece984e0fe31c8

    • SHA1

      36e12c0e342cfca757e1460648c05c13e42a64e2

    • SHA256

      a418225b8f8d14e1ebf55c553bdc8065f90dcd6e29dc647499fcf3cd52f95756

    • SHA512

      4436f9b8f0ff8aa29ec57bfb4bd0af60a0d4303c1ff1ea1d4787d6a278d69018d17c30c6b35f2cd2dfb20e43d80bc554b096d6d59a30f0251f2ae63180cc9c49

    • SSDEEP

      12288:aoEKwnONVvoo6F+DfZxL4+Dir8lkQ5z4hbsmKFX4GfOs5VBNYRbWAUWWvoYPiwBP:aoEKw9o6F+DRt4Tr8lkBhYp2QOU

    • Score

      3/10

    • Target

      WW.js

    • Size

      9KB

    • MD5

      e0d2dd4326d8d3301dfc23c9b424d369

    • SHA1

      a510d09f3e29a02dd6646053b31f7cf0353e98da

    • SHA256

      de5461ca2234cbf5109c24ce7a3f3883bb876984e7b825e885c201afbb4a885b

    • SHA512

      6379371b2947416b2d82b5a1371075534af1e3a23ead4ada72b9534114fd40558b9f4b4cef55a820a2e464c3d0746788246ca56a950b2d2736132f44f06193c4

    • SSDEEP

      192:ChSLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:CsVq2k785UIro8KTMhSeYm5P2jiuuEjw

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Target

      animators/statistically.tmp

    • Size

      835KB

    • MD5

      78cbc3737cba72f3224e6500aef981f7

    • SHA1

      a552ab5399feb94e25a1b0b87cca3fa3affb06a5

    • SHA256

      1e670322c5f801def5f743425135c18175271635eca9f76e4c5c8cf664cdd4ae

    • SHA512

      7972344717b9253700ed92bd9b612f243b1f6b6282acc2d4b28c2bd35c16eff160288dbd3e0df9feae63a61d0158bfb59cc7c424689ff89302cac27217b146ca

    • SSDEEP

      12288:T6F+DfZxL4+Dir8lkQ5z4hbsmKFX4GfOs5VBNYRbWAUWWvoYPiwBP:T6F+DRt4Tr8lkBhYp2QOU

MITRE ATT&CK Enterprise v6

Tasks