qakbot | aaba1b6cef10304f93b1ade13dc59aba4c9fb385907d9b9cb2cb934a2c9b5b2f

General

Target

Agreement_NFK58.iso
Size

662KB
Sample

221118-vrdz1sdh4w
MD5

9484312e8cb775cda836dbee177c4060
SHA1

a05e07c8c24574a61479df658835f780f4868535
SHA256

aaba1b6cef10304f93b1ade13dc59aba4c9fb385907d9b9cb2cb934a2c9b5b2f
SHA512

9d095a7563b92d2e4148d44778f329a30ba8554347773f5d8ea2b0b8673a52d4df59cb830cba6c805a0d119fd1cacc9e0ed3f02c37af734bbf41450f5dcd7549
SSDEEP

12288:SNCLxwOQHy6E1YF7P01JSdCLjqa/9cNdMxgligH8:SNCLxSHy6VP0/Ssfh9cUM

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

obama223

Campaign

1668757345

C2

68.47.128.161:443

87.65.160.87:995

172.90.139.138:2222

86.175.128.143:443

12.172.173.82:465

71.247.10.63:2083

47.41.154.250:443

91.254.215.167:443

71.31.101.183:443

81.229.117.95:2222

24.4.239.157:443

41.99.177.175:443

92.149.205.238:2222

73.230.28.7:443

47.229.96.60:443

186.188.2.193:443

174.112.25.29:2078

84.35.26.14:995

86.130.9.167:2222

116.74.163.221:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Agreement.js
- Size
  
  9KB
- MD5
  
  e5d688ed14e74fedb1d2a4dab64fd620
- SHA1
  
  9ec4a4829d560d821092087600747c6cb52a5002
- SHA256
  
  616a1c3a65fed4142c80f37a67f87d4d83af6ce28fd842f20c184ed995908894
- SHA512
  
  368d546d3d491ae09d501d452730086d542fe6df9a0e979ae59183ed57f78ff7fb1bf960ddafa65c7d7ee1d3a346e3d343cb7801f1afc8cc6b64952f6fa0e55d
- SSDEEP
  
  192:/0SLj5Uravgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:/j5Kk785UIhp/KTMhSeYmn2jiu5EjP+I
Score

10^/10

qakbot obama223 1668757345 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  debunked/slaughterhouse.temp
- Size
  
  374KB
- MD5
  
  b1e1d2ea1e2e0936aeb8e3f79ade7406
- SHA1
  
  5a53f3dc8e4cda7bd92a21361fada7f814c9f3fe
- SHA256
  
  820c86717ed36270cd3dd2e4e659d559908ddfbc942686ddcbeec48a321b86c4
- SHA512
  
  355959e8d68dee491ce1518b5afac86b03a9e53044b5799d7baeb6ca2b2abdbd4223e6a8238880d857dbe037936ff1c35bb33dacc9158e64fb8febee040827c7
- SSDEEP
  
  6144:XKR66t98Uah1oq7PbQIIJSLiyCE0taaRIC6w/9I0FK+20m6WdMxgYURpi92H4X:w6E1YF7P01JSdCLjqa/9cNdMxgligH8
Score

10^/10

qakbot obama223 1668757345 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4