qakbot | 10812b29d4a93b1f03cc9f74ab5376ad02a874223daf9dc3c9e7206be07d7862

General

Target

ca21cc2c-0554-49eb-8c92-016fa63cee85.zip
Size

474KB
Sample

221118-jz262agh59
MD5

1b6fa174404945f4b65d63aef3d136e3
SHA1

043db40e626adc1defd1532b24c21df8c5010905
SHA256

10812b29d4a93b1f03cc9f74ab5376ad02a874223daf9dc3c9e7206be07d7862
SHA512

20f6e6ec5fcf2f605509d75b9a814eefe3f96f7d6999de121fe9f40b25b68e2fe9f10bdb3923bf21c1d45deff896c860cb32f9f3b2f9b242b9a1b60695f5ba4d
SSDEEP

12288:AuamuZv4Tiyb7j2ZLl2AXeU3b1ndz8a69Wm:amuZv4tyZwAuYzaWm

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

obama222

Campaign

1668692319

C2

105.184.161.242:443

73.36.196.11:443

82.31.37.241:443

24.116.45.121:443

213.67.255.57:2222

200.93.14.206:2222

188.54.79.88:995

87.220.205.14:2222

72.88.245.71:443

92.137.74.174:2222

91.68.227.219:443

184.153.132.82:443

74.66.134.24:443

47.16.73.77:2222

41.97.183.39:443

177.205.92.100:2222

24.64.114.59:3389

105.111.45.51:995

86.180.222.237:2222

76.184.95.190:993

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  ContractCopy.js
- Size
  
  9KB
- MD5
  
  35c0ebee752e004d38c07257e2c5a10d
- SHA1
  
  8b81489b1f7d77442b745a470276807bfa02d31e
- SHA256
  
  42bf4aca1ebae440a92bb1f4cc5b217febc2d7e37c660f21c11de7fd40e0edd9
- SHA512
  
  9971e56dc7f655272cfaad4d95f6612bbb3079615c5e8bdb74ab14d3e9d9160cc8a6e0fd7008b71f30281622366f9bf432545fc36c8b901424c8bad28c6403d3
- SSDEEP
  
  192:9SLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:4Vq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot obama222 1668692319 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  addled/renames.tmp
- Size
  
  781KB
- MD5
  
  ce9dcdcfbea296abf60ef3293bea06f2
- SHA1
  
  34a21c0222bd64d885457468ed51c2245c4ca8bc
- SHA256
  
  6bae4bcc5bed0e66ca067ce43a7ba6cb778e3f9b5c4dd43bc4ba80b4f8ccd153
- SHA512
  
  b29ec40096186f9884d7c990aa1300667093d31c6f67526c9cd22188145f82f8054a405eed716c2d66462c17b214f97985fa626ab11186351ea4273a7c5482c6
- SSDEEP
  
  12288:3+ed7zMD42lTz4kglWdf8+wawM375RGyin7ZlUP9XqcYX:Zd7QUoTzGWdfwTTn3M9XqdX
Score

10^/10

qakbot obama222 1668692319 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4