qakbot | 18dd6f44e60c5c34c1d6402dd2d9e9bd2abaf64feb9397d4138bfc4d0d2c40a4

General

Target

Agreement_BAU87.iso
Size

662KB
Sample

221121-thkkrsca5t
MD5

e673fd650526879f9247db1d3e46b7fb
SHA1

f4a26183fc3c9c17348c496e6356aedc11ef4a17
SHA256

18dd6f44e60c5c34c1d6402dd2d9e9bd2abaf64feb9397d4138bfc4d0d2c40a4
SHA512

b22297ca03b70e2659376425758d8bb99487b6cbb4a33a61cc18be6d96cf7d351448e6e50c9f44323200198a06f1cfb03fd1351fc9766bc0351e427d02d955f9
SSDEEP

12288:wNiLxQ6E1YF7P01JSdCLjqa/9lNdMxgligH81OQH:wNiLxQ6VP0/Ssfh9lUM8H

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

obama223

Campaign

1668757345

C2

68.47.128.161:443

87.65.160.87:995

172.90.139.138:2222

86.175.128.143:443

12.172.173.82:465

71.247.10.63:2083

47.41.154.250:443

91.254.215.167:443

71.31.101.183:443

81.229.117.95:2222

24.4.239.157:443

41.99.177.175:443

92.149.205.238:2222

73.230.28.7:443

47.229.96.60:443

186.188.2.193:443

174.112.25.29:2078

84.35.26.14:995

86.130.9.167:2222

116.74.163.221:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Extracted

Family

qakbot

Attributes

salt
�-2ݭs7�W}%�y��&��D�@��V�B ��4^0$��~��PP��(0��)��Ct�Ӗ�}ڎH��=S0>0( ��1v�K��n��^�%-��&�3��r\��a?��ܼ�lrܫ@bU��vL��G��M[,�I��1 �_��<��-�+��/RV�)V�s10,�� c��ި�WB�yq|%X�)��K��vӥH��~ n1�!n�\��t�X��+-v_H>��'��D��M��@�vpo5�5�q��D�~�:�"{̥��A�#.<�Uq��4O�{��d`)~��it��x�}��ػW!�NHL�l�I�=+mP��t��<��n~5*W�l�?c��e��Ct윉��Y�d��[J�L��9W��z� 2�:��ի2!8s�#�<��p��H� 9W��5RPR�

Targets

- Target
  
  Agreement.js
- Size
  
  9KB
- MD5
  
  5274fecc75846ecccd5ddcd55b60622c
- SHA1
  
  f20d301db60f338be8681b61da90d9a9478248ee
- SHA256
  
  e6ba8dc7a63a5c17f8b6f41519a39568800acdfac3d8272e2c72e1d08b8118cb
- SHA512
  
  2ac6687d569386bb9c15722b856c7393c31f715d39c6590f7a15058cfe2c00b8b34d573d231174a374bbb389ea8dbf5253a277316a1821cd24ccf023a540cf6f
- SSDEEP
  
  192:/kSLj5Uravgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:/z5Kk785UIhp/KTMhSeYmn2jiu5EjP+I
Score

10^/10

qakbot obama223 1668757345 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  debunked/histograms.temp
- Size
  
  374KB
- MD5
  
  eac955d9afd79c7c7fa3c268f789727b
- SHA1
  
  c6a63c2632a3d9312a09fdfa21624e474413d706
- SHA256
  
  6f79b1e51b747fc5d194a99809eb95fb79d1da21b20d3d9a928c713e3f084782
- SHA512
  
  9511eb1242cc74365207490f832622dc58f0eea906def66751319b36ee138b1ea93c6daa0dc8aff8af4f6c0136286faa28de9cf29d2468817eb4452d58f6554f
- SSDEEP
  
  6144:XKR66t98Uah1oq7PbQIIJSLiyCE0taaRIC6w/9IBFK+20m6WdMxgYURpi92H4X:w6E1YF7P01JSdCLjqa/9lNdMxgligH8
Score

10^/10

qakbot obama223 1668757345 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4