General

  • Target

    61d1a12b385371ca134cc3311c7f95665847a628471e8ce2cac80b21839ea0f3

  • Size

    437KB

  • Sample

    221118-mf3j8sda7y

  • MD5

    9a43f154b8d3b422fd1e1bb7e7d31ac2

  • SHA1

    e73ebf37e61426a36d578b88bbc946f756a97251

  • SHA256

    61d1a12b385371ca134cc3311c7f95665847a628471e8ce2cac80b21839ea0f3

  • SHA512

    a5a5c7c6e472e78399094c436764152f5d58f3ccf3698037d78308e541889d27c4beab26c67aef05f40eb0cd9e933e354dc681927683cff47aea2b78d0d51d46

  • SSDEEP

    12288:CaHD41VOnWx33dTAr869bjIMOSs3Aocup:Caj41VNE8Ibjfnup

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.30

  • Botnet

    BB06

  • Campaign

    1668670510

  • C2

    86.225.214.138:2222
    71.183.236.133:443
    182.66.197.35:443
    70.66.199.12:443
    76.80.180.154:995
    180.151.104.143:443
    92.149.205.238:2222
    83.110.223.247:443
    183.87.31.34:443
    105.103.50.1:990
    103.141.50.117:995
    105.103.50.1:465
    105.103.50.1:22
    86.130.9.167:2222
    86.99.15.243:2222
    90.104.22.28:2222
    172.117.139.142:995
    176.142.207.63:443
    142.161.27.232:2222
    71.247.10.63:50003

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      WW.js

    • Size

      9KB

    • MD5

      d9c309a8fefff04bef8c70c12bc1ba24

    • SHA1

      05c0e26194faf486cda93146f6c04bb127be394e

    • SHA256

      aa0ad63e6fa89f99438e7183650d8c50b7b2f7300c72f8c53ce53faa90101461

    • SHA512

      2aa4e65d212563e91ff19e0f939ad28aa35f5c8bb94b5784b13214f6d17610346a41aff940cea3946d183f2abd89d20d8995f82f9d854e5969971672acc7f6a9

    • SSDEEP

      192:tSLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:IVq2k785UIro8KTMhSeYm5P2jiuuEjP4

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Target

      animators/hence.tmp

    • Size

      835KB

    • MD5

      6b05d36e5f119ce1e35f2551b1d5ae2b

    • SHA1

      8272b905198d940b330313301f3f401ac67292e2

    • SHA256

      e7c9f0db8dacb3e963a4bdff272565f39f8db3741ed4e4b9a9f0a1bcc30ebd7d

    • SHA512

      373646d591517c75c1f0af49b0e6f4b81e917ea49662e9aea48b2eb517167c6645131360cc05d50828db901e0cf6dec38702cf2f8788d4bd11839f9f125d8f91

    • SSDEEP

      12288:T6F+DfZxL4+Dir8lkQ5z4hbmmKFX4GfOs5VBNYRbWAUWWvoYPiwBP:T6F+DRt4Tr8lkBhCp2QOU

MITRE ATT&CK Enterprise v6

Tasks