qakbot | 4f80c976afde3828525f99f9f4cfce18504ba698869b50b1abba79da47047b2d

General

Target

66a3eddb-ef80-439d-baa1-a56726f362b5.zip
Size

333KB
Sample

221118-vrdz1sdh4v
MD5

074955c4c78cf2667da24fa0622a05c1
SHA1

00a3d8ca06b2e978c184295971accdc27f9f8c18
SHA256

4f80c976afde3828525f99f9f4cfce18504ba698869b50b1abba79da47047b2d
SHA512

a454fbe4d23dbb0c3898a48f0fcb1a8076a6b213654fba15ee56dbb932d2e90e4e99791152913a79d66b40889159a594ca74f1d5aeda1485c4c1814226fcbc7f
SSDEEP

6144:DErutyLt0TUwEL2T5H5+bECTA/HpjSp2El3YlKr5P2ZIPj8piBnRgorQdM:aSEL2TzoFAxjS1l3Xr5PS2yiBRgov

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

obama223

Campaign

1668757345

C2

68.47.128.161:443

87.65.160.87:995

172.90.139.138:2222

86.175.128.143:443

12.172.173.82:465

71.247.10.63:2083

47.41.154.250:443

91.254.215.167:443

71.31.101.183:443

81.229.117.95:2222

24.4.239.157:443

41.99.177.175:443

92.149.205.238:2222

73.230.28.7:443

47.229.96.60:443

186.188.2.193:443

174.112.25.29:2078

84.35.26.14:995

86.130.9.167:2222

116.74.163.221:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Agreement.js
- Size
  
  9KB
- MD5
  
  e5d688ed14e74fedb1d2a4dab64fd620
- SHA1
  
  9ec4a4829d560d821092087600747c6cb52a5002
- SHA256
  
  616a1c3a65fed4142c80f37a67f87d4d83af6ce28fd842f20c184ed995908894
- SHA512
  
  368d546d3d491ae09d501d452730086d542fe6df9a0e979ae59183ed57f78ff7fb1bf960ddafa65c7d7ee1d3a346e3d343cb7801f1afc8cc6b64952f6fa0e55d
- SSDEEP
  
  192:/0SLj5Uravgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:/j5Kk785UIhp/KTMhSeYmn2jiu5EjP+I
Score

10^/10

qakbot obama223 1668757345 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  debunked/slaughterhouse.temp
- Size
  
  374KB
- MD5
  
  b1e1d2ea1e2e0936aeb8e3f79ade7406
- SHA1
  
  5a53f3dc8e4cda7bd92a21361fada7f814c9f3fe
- SHA256
  
  820c86717ed36270cd3dd2e4e659d559908ddfbc942686ddcbeec48a321b86c4
- SHA512
  
  355959e8d68dee491ce1518b5afac86b03a9e53044b5799d7baeb6ca2b2abdbd4223e6a8238880d857dbe037936ff1c35bb33dacc9158e64fb8febee040827c7
- SSDEEP
  
  6144:XKR66t98Uah1oq7PbQIIJSLiyCE0taaRIC6w/9I0FK+20m6WdMxgYURpi92H4X:w6E1YF7P01JSdCLjqa/9cNdMxgligH8
Score

10^/10

qakbot obama223 1668757345 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4