qakbot | 1821daab4216388a07240299c9d93478a49874b5c776e297e27fc4d7553229fa

General

Target

ContractCopy_YZ62.img
Size

1.2MB
Sample

221119-g7k7dagg25
MD5

f7ca9a8048e534b3fcb6c8f66654e63a
SHA1

3e7d3cd4fb07b0f3d3305afdc18e1a57b0d34a3a
SHA256

1821daab4216388a07240299c9d93478a49874b5c776e297e27fc4d7553229fa
SHA512

a36dc6b0ac552ff1742b8b69f34bc50feb4925d3de077993c246093f7ce74910198ebd92469e473ccab356ef36c40772992bed70ea336020f5ce2b30d1df6e3a
SSDEEP

24576:5oGd7QUoTzEWdfwTTn3M9XqdXJDi317qne:BVU4Wdf6M9XmXFi317qne

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

obama222

Campaign

1668692319

C2

105.184.161.242:443

73.36.196.11:443

82.31.37.241:443

24.116.45.121:443

213.67.255.57:2222

200.93.14.206:2222

188.54.79.88:995

87.220.205.14:2222

72.88.245.71:443

92.137.74.174:2222

91.68.227.219:443

184.153.132.82:443

74.66.134.24:443

47.16.73.77:2222

41.97.183.39:443

177.205.92.100:2222

24.64.114.59:3389

105.111.45.51:995

86.180.222.237:2222

76.184.95.190:993

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  ContractCopy_YZ62.img
- Size
  
  1.2MB
- MD5
  
  f7ca9a8048e534b3fcb6c8f66654e63a
- SHA1
  
  3e7d3cd4fb07b0f3d3305afdc18e1a57b0d34a3a
- SHA256
  
  1821daab4216388a07240299c9d93478a49874b5c776e297e27fc4d7553229fa
- SHA512
  
  a36dc6b0ac552ff1742b8b69f34bc50feb4925d3de077993c246093f7ce74910198ebd92469e473ccab356ef36c40772992bed70ea336020f5ce2b30d1df6e3a
- SSDEEP
  
  24576:5oGd7QUoTzEWdfwTTn3M9XqdXJDi317qne:BVU4Wdf6M9XmXFi317qne
Score

3^/10
behavioral1 behavioral2
- Target
  
  ContractCopy.js
- Size
  
  9KB
- MD5
  
  599ff2df10ec1a8497d760784e493885
- SHA1
  
  0b6342b8c43c76fbde2e714c2a7cda2bd1260d05
- SHA256
  
  fbe4408e0c0a528f331fc002f785eff7ad16f45ae3ea3ab94eb8b3cbf0c6f00f
- SHA512
  
  08e93e1117220b0edc589505e5d3bba99c408deb5d9ce197df864cecf838a815850d9b3a0d5c6fef9ab86396bf5af230c9b1f58f3fdbfeb7db339f97bbc15dd5
- SSDEEP
  
  192:GSLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:BVq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot obama222 1668692319 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  addled/soloists.tmp
- Size
  
  781KB
- MD5
  
  b60b9fedc3fcf9011446349ab6430719
- SHA1
  
  e706be44c0bf3cf12ee1b357b0d037f172a5220a
- SHA256
  
  5f715c36aa0f2e60500bbc501eaacdb1e95ed38959f03a38e52009d3ec2a864f
- SHA512
  
  bd226954a1e8d72bafa2c5c6ac7e001b74284d1f09e785c8323bb96f4fa0b7694eb2d8105b4741438907b49c6b9e298d692652f95a31190abf7ce0a2c5fa5922
- SSDEEP
  
  12288:3+ed7zMD42lTz4kg3Wdf8+wawM375RGyin7ZlUP9XqcYX:Zd7QUoTzEWdfwTTn3M9XqdX
Score

10^/10

qakbot obama222 1668692319 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

3

T1082

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6