qakbot | 331d4789464156674383cdd37a130a9e6edc66ed1396a2be587ac64a193f6215

Sharing

Copy URL

Twitter E-mail

General

Target

6669f3ac-5555-4635-a362-da152cb3cdf8.zip
Size

333KB
Sample

221122-v2rzmabd44
MD5

0c7641d055066ffe0c451a099c0731dd
SHA1

2db5824364ee86a355fa7356073fbb08bda59501
SHA256

331d4789464156674383cdd37a130a9e6edc66ed1396a2be587ac64a193f6215
SHA512

2c4822635e23413b7aae6225962c552d137e0d196ad5a52c8af4c919e7846dc3cb2c2b93cd2875b26cba1c830dbe211dca9fc908fd21457f207414c28608a678
SSDEEP

6144:q99KFBec0zlJLlya1wJSeAB6yoxWuJ8LMtNzzT4zVXIDVpULee+yoBOqk6EnIee:q2FBVuF1wBAB6yoxWA8LMNzzT4BhLOyK

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

obama223

Campaign

1668757345

68.47.128.161:443

87.65.160.87:995

172.90.139.138:2222

86.175.128.143:443

12.172.173.82:465

71.247.10.63:2083

47.41.154.250:443

91.254.215.167:443

71.31.101.183:443

81.229.117.95:2222

24.4.239.157:443

41.99.177.175:443

92.149.205.238:2222

73.230.28.7:443

47.229.96.60:443

186.188.2.193:443

174.112.25.29:2078

84.35.26.14:995

86.130.9.167:2222

116.74.163.221:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  6669f3ac-5555-4635-a362-da152cb3cdf8.zip
- Size
  
  333KB
- MD5
  
  0c7641d055066ffe0c451a099c0731dd
- SHA1
  
  2db5824364ee86a355fa7356073fbb08bda59501
- SHA256
  
  331d4789464156674383cdd37a130a9e6edc66ed1396a2be587ac64a193f6215
- SHA512
  
  2c4822635e23413b7aae6225962c552d137e0d196ad5a52c8af4c919e7846dc3cb2c2b93cd2875b26cba1c830dbe211dca9fc908fd21457f207414c28608a678
- SSDEEP
  
  6144:q99KFBec0zlJLlya1wJSeAB6yoxWuJ8LMtNzzT4zVXIDVpULee+yoBOqk6EnIee:q2FBVuF1wBAB6yoxWA8LMNzzT4BhLOyK
Score

1^/10
behavioral1 behavioral2
- Target
  
  Agreement_BMX87.iso
- Size
  
  662KB
- MD5
  
  301a09558cbc43c2676f058ddeaabaf9
- SHA1
  
  cb7046d10bb73591d1a9343328d2535cb3388ec0
- SHA256
  
  49c293857151c324d49aee732f34e236b99bba8bd0bf686aff3f900375db8297
- SHA512
  
  050bc7053bbb1a45029a07ca70c6a08899b3716347dec7914ef4d14e208ff1a6bc84c4242772ce003312eaba6992c25dfbd5206ceab6be90035107889cbdaa8c
- SSDEEP
  
  12288:XNGLxwOQHy6E1YF7P01JSdCLjqa/9lNdMxgligH8:XNGLxSHy6VP0/Ssfh9lUM
Score

3^/10
behavioral3 behavioral4
- Target
  
  Agreement.js
- Size
  
  9KB
- MD5
  
  aae02cffa683d523eb28f9de1bdc4774
- SHA1
  
  fd87d3df88c64540b0f8a7e49f807d88c3c133c0
- SHA256
  
  eed22993bc02ce49e18bd1055e70855fa5446be7acf275952af05efa112faa72
- SHA512
  
  b049a9a8585bfd5c13b4b13da7e07b13f97965cb94d1c6f76be3448e50afca8666f48b5fb9bb4309ef23fafce0ceb8c0d1b2c0b34f9b8f7d6d7133b59f242521
- SSDEEP
  
  192:/KSLj5Uravgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:/V5Kk785UIhp/KTMhSeYmn2jiu5EjP+I
Score

10^/10

qakbot obama223 1668757345 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  data.txt
- Size
  
  5B
- MD5
  
  bb692cc1e32054c2aa0ec80111dee5ef
- SHA1
  
  223bae19990c7398a55a7963ef239ca54c30f5ca
- SHA256
  
  5bbeb671347ca2e15fb64d618eb618d53d16f3d13507d1013cc0640afe212282
- SHA512
  
  acdb2796ff1ce68f1d3cc71a3058825c6a7c1d12ce1e0ef3341bfb3cb3e57cf2bd50b06160cc68b87e6349990606f146711a7907f2f4353c37f91afd923c11a6
Score

1^/10
behavioral7 behavioral8
- Target
  
  debunked/helixes.txt
- Size
  
  120KB
- MD5
  
  f8fe7740c50118b6db8fa69ec591d002
- SHA1
  
  907785605794191068543af9400935f4c95c2e1f
- SHA256
  
  cbc5bd7cf00e1d65fa989e522178945f69d21ceb826c8e2ee373753c837d4f2a
- SHA512
  
  0f6818dc2accec0cc98d863c8a7a757944d3dd7cbaa03d7b6a40bce6ce004f4fe28143af814f0e0f1e4598d1fdc9deaade4a0b0552d699f4e8e3d802663dabfe
- SSDEEP
  
  1536:aqZSkGq/IZShxDZgU8Zfxvi8kZwRLQGfxFg:AkGkxEJdjA
Score

1^/10
behavioral10 behavioral9
- Target
  
  debunked/intrepid.txt
- Size
  
  92KB
- MD5
  
  dcbdab48c170abf8db49869f38c45081
- SHA1
  
  53f466efd20e4ffa75a180b78f49629541c69942
- SHA256
  
  ec4e433ff0df119741cfbc4a80535ebbadc0429e86982ab1f662aa327856ffa2
- SHA512
  
  86b0a8cf687740e54ad53d387e60e071e575c3fa8a5c9a59330332a51caf596a33ef447785d3af9fbd78a807466f42ce1732f2afb62b098ee78930440b5e22a1
- SSDEEP
  
  1536:QGQcW1ZOVIcevj/tQlc1ZOVWHo/rzcROcbcXW1ZOVab0OW1ZOVX:QzV1ZOCj/tQO1ZOcHQCcm1ZO20f1ZOd
Score

1^/10
behavioral11 behavioral12
- Target
  
  debunked/sorer.temp
- Size
  
  374KB
- MD5
  
  0141fd65ca670220c66f17868fca9b92
- SHA1
  
  6ec9dbc7869777fc79934441ccb70f1bf9fb1cd4
- SHA256
  
  13a572403208c38174fb265338fcff502fac582c2569b02e82ab454414c336c9
- SHA512
  
  2ae45a4bf3b615a0b22ac312645ad02f2ed78efca3a1bd81ef03d60c688d4def0ca3a97c87a714bdd0a4924467ae5d73076d91776973a07e1e4f6b4829d0e8b0
- SSDEEP
  
  6144:XKR66t98Uah1oq7PbQIIJSLiyCE0taaRIC6w/9IlFK+20m6WdMxgYURpi92H4X:w6E1YF7P01JSdCLjqa/9lNdMxgligH8
Score

10^/10

qakbot obama223 1668757345 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral13 behavioral14

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14