qakbot | edadeb3617531220297acf1d734ee86396b10965fe060be9d159213b49da0ba3

General

Target

Agreement_IJG15.iso
Size

662KB
Sample

221121-pz63waaf57
MD5

3911881b2a400da9976fd1191b1f8745
SHA1

d0e0a9ee01cb471fe64e2ddbd24482d45de16670
SHA256

edadeb3617531220297acf1d734ee86396b10965fe060be9d159213b49da0ba3
SHA512

2f228e93b54a22e30c64ce0e6d46a867a3acefc748e174434f935f4b2817e8eb405d10230da275531767e85d62f971b28898eeee6568dce596643f3e2f3426b1
SSDEEP

12288:INCLxwOQHy6E1YF7P01JSdCLjqa/9JNdMxgligH8:INCLxSHy6VP0/Ssfh9JUM

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

obama223

Campaign

1668757345

C2

68.47.128.161:443

87.65.160.87:995

172.90.139.138:2222

86.175.128.143:443

12.172.173.82:465

71.247.10.63:2083

47.41.154.250:443

91.254.215.167:443

71.31.101.183:443

81.229.117.95:2222

24.4.239.157:443

41.99.177.175:443

92.149.205.238:2222

73.230.28.7:443

47.229.96.60:443

186.188.2.193:443

174.112.25.29:2078

84.35.26.14:995

86.130.9.167:2222

116.74.163.221:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Agreement.js
- Size
  
  9KB
- MD5
  
  2952fddb338d90d347132a9aa2723109
- SHA1
  
  e60ea6bf81965fedf0a20b309cb2da23e3cd7bcf
- SHA256
  
  a5b2a69c106d348e586113b5b325f931c7cb20265434c6a2a9b2114d4ca3ef3e
- SHA512
  
  7475455d6c469c95eb00e809b28229d88000b2772d998e85f7c8640ab292c46fde8fdf18c36641de2d2aa243ac61bf4cd004718b4e1aaadfb94dd95e02ddf2eb
- SSDEEP
  
  192:/4SLj5Uravgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:/n5Kk785UIhp/KTMhSeYmn2jiu5EjP+I
Score

10^/10

qakbot obama223 1668757345 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  debunked/jinxes.temp
- Size
  
  374KB
- MD5
  
  476b1f282afbd7e11b662ca548d234e6
- SHA1
  
  910cc5d23ea17052c585fa92e2e5951433207b92
- SHA256
  
  2574e2d8ce688e65e804fd8c2c2cfa4e3d91c3cafcca4b90b5830f05ca4b8010
- SHA512
  
  09f388c2e3f661ef77d41a2e42836d0325d069b4aee31ac0393cca3a5c80ae5100db686175c1109c61c9c1b7dcb218671af5f7ddc6c40a62de04355ee7e59ba1
- SSDEEP
  
  6144:XKR66t98Uah1oq7PbQIIJSLiyCE0taaRIC6w/9IZFK+20m6WdMxgYURpi92H4X:w6E1YF7P01JSdCLjqa/9JNdMxgligH8
Score

10^/10

qakbot obama223 1668757345 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4