General

  • Target: QJ98.img
  • Size: 848KB
  • Sample: 221118-m9hf6ahc27
  • MD5: 73d701cac3da7a4ba9fa383324dbc3fe
  • SHA1: 6e090fa925d1ebdaa7b2ec410f25b4cbfe1e247a
  • SHA256: b12345efe24c330c9c201143bb0dd2699eec0dd108728b02a4df9c4b61718be9
  • SHA512: 0e1161fbb681dce08069b03c1bd37a2c6bd6e0f9be6dfc96dfa85f111e4e42010f61dd96059846d93c05ae8d35355a8aa0cc225f9922324be0908dc7f82159a0
  • SSDEEP: 12288:QojVN9gjGfBl6YUWlaVxbYUGOpGPq1Tu/VxdZlUP9Xq4F/9:QojVN9gjkSW8wWpD9u/VLM9Xq4n

Malware Config

Extracted

  • Family: qakbot
  • Version: 404.30
  • Botnet: BB06
  • Campaign: 1668683197

  • C2

Attributes

  • salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

  • Target: QJ98.img
    Size: 848KB
    MD5: 73d701cac3da7a4ba9fa383324dbc3fe
    SHA1: 6e090fa925d1ebdaa7b2ec410f25b4cbfe1e247a
    SHA256: b12345efe24c330c9c201143bb0dd2699eec0dd108728b02a4df9c4b61718be9
    SHA512: 0e1161fbb681dce08069b03c1bd37a2c6bd6e0f9be6dfc96dfa85f111e4e42010f61dd96059846d93c05ae8d35355a8aa0cc225f9922324be0908dc7f82159a0
    SSDEEP: 12288:QojVN9gjGfBl6YUWlaVxbYUGOpGPq1Tu/VxdZlUP9Xq4F/9:QojVN9gjkSW8wWpD9u/VLM9Xq4n
    Score: 3/10
  • Target: WW.js
    Size: 9KB
    MD5: fcb87421878277d365bfee2b4da2193a
    SHA1: ef58bb8d6769ea502afa2be180b84bffe16adbb0
    SHA256: f1804b738f12e13897d93ded056e8771f26f269c4bd5e46ea91868f6876e66ac
    SHA512: 7040d1d04f69baeebd3067f68aa8a87681bbbdbbbe6f5a52b6579dc737c7313f4f3446872b28187bc1fe85cb5672cf7ad637aa7c76937dbc0b2b20163f92504d
    SSDEEP: 192:jnSLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:qVq2k785UIro8KTMhSeYm5P2jiuuEjP4

    • Qakbot/Qbot: Qbot or Qakbot is a sophisticated worm with banking capabilities.
    • Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.

  • Target: port/package.tmp
    Size: 691KB
    MD5: 7db8ab3efdd6d94e51d3f8d4c44d41af
    SHA1: 4dc02d68a2890f12eef80738a29a038db28c0f88
    SHA256: da1705fe6b926117da821fd2be24caedf6ef334ad76026332640e28be53f3b67
    SHA512: 4a8239258b4cd66b8f3b2bbc795f53ab73a4db3e6be9a997b138562186517c3d2800a224ca95070bc1146feab973b1d745c2c6639cb53ef409a5256cc68863ad
    SSDEEP: 12288:sjGfBl6YUWlaVxbYUGOpGPq1Tu/VxdZlUP9Xq4F/9:sjkSW8wWpD9u/VLM9Xq4n

MITRE ATT&CK Enterprise v6

Tasks