qakbot | a98ddbd231b67fcc7813fccb21bd128983bf36483e0e158cbba9ad1913af89e5

General

Target

attachment.zip
Size

333KB
Sample

221118-szqbxahg25
MD5

c04b304faf92500e93e755b7699edfcb
SHA1

0775ba0cd37d03fcae7da9275fbd60116b87d49c
SHA256

a98ddbd231b67fcc7813fccb21bd128983bf36483e0e158cbba9ad1913af89e5
SHA512

18dab27331b6045e4288ae02748c18d36b57b6da9d120c27cd707f468d2627ccd67f98d2dc0485b4551420fed7db648a32d1753bb018f4d2e882414246959aab
SSDEEP

6144:70YqYcVDnqH9AWRFCArSPH/vPMvIZvX2aBt8r47EVS8ZzP3pYFH5kIltuRcul:X6VDnqdV/COSPH/VZvXl8JkSPZdkuRP

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

obama223

Campaign

1668757345

C2

68.47.128.161:443

87.65.160.87:995

172.90.139.138:2222

86.175.128.143:443

12.172.173.82:465

71.247.10.63:2083

47.41.154.250:443

91.254.215.167:443

71.31.101.183:443

81.229.117.95:2222

24.4.239.157:443

41.99.177.175:443

92.149.205.238:2222

73.230.28.7:443

47.229.96.60:443

186.188.2.193:443

174.112.25.29:2078

84.35.26.14:995

86.130.9.167:2222

116.74.163.221:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Agreement.js
- Size
  
  9KB
- MD5
  
  750f690f601d698c8a10798fca2393c4
- SHA1
  
  ac2ae27df2800ebdd4c279d28f1507225c365a0c
- SHA256
  
  f7c20609ae99b19f93238d41228cf242021f8f16de00990a6820a447a76a0756
- SHA512
  
  d280b45218b921990a8d6604008505053bc06998b6f7045158fe76a2eaf526e8497a0d93f7af6decfee3ad9825e3ccfa1d1a75179b8f452a05d3ccb4aa03e136
- SSDEEP
  
  192:/HSLj5Uravgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:/+5Kk785UIhp/KTMhSeYmn2jiu5EjP+I
Score

10^/10

qakbot obama223 1668757345 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  debunked/morsel.temp
- Size
  
  374KB
- MD5
  
  4213f3b559e5c4d47ab07061045b8ed8
- SHA1
  
  12aa0ade7c533b30cc3d756bba802c834eb75da2
- SHA256
  
  354c8b856f485a1a69e549ba79ba2ac00c708e58e67b3222368f6819b15af3ff
- SHA512
  
  87dd007cae59bebbeb483d2948dc8af91b700f1dff8a159bf91aa433980f24d562d8e4cee62071f376b893b7451282aa38d7050c3231e98d752745ce4e0c1731
- SSDEEP
  
  6144:XKR66t98Uah1oq7PbQIIJSLiyCE0taaRIC6w/9IJFK+20m6WdMxgYURpi92H4X:w6E1YF7P01JSdCLjqa/9hNdMxgligH8
Score

10^/10

qakbot obama223 1668757345 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4