qakbot | 8c7c94a46e1680a09d656f3f9218a87804d7e2dc103dbea37664f50e0d1f103d

General

Target

Agreement_IJK83 2.iso
Size

662KB
Sample

221124-jecewahb38
MD5

cb8eec8f329945dc8fcdd1c739267c01
SHA1

240b17fb1b9b970960e20e37838cdba6b2ff75ea
SHA256

8c7c94a46e1680a09d656f3f9218a87804d7e2dc103dbea37664f50e0d1f103d
SHA512

e184ed5c0b4e6392c753f5372dfbf0cbd17b8ea5f435c04aeaf822912057da53a5a340ecf4a304087d265ffea5a86e7acc69a4d5dfbddee0881e70955d8af52e
SSDEEP

12288:ANf6E1YF7P01JSdCLjqa/9lNdMxgligH8QLxwOQH:ANf6VP0/Ssfh9lUMFLxSH

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

obama223

Campaign

1668757345

C2

68.47.128.161:443

87.65.160.87:995

172.90.139.138:2222

86.175.128.143:443

12.172.173.82:465

71.247.10.63:2083

47.41.154.250:443

91.254.215.167:443

71.31.101.183:443

81.229.117.95:2222

24.4.239.157:443

41.99.177.175:443

92.149.205.238:2222

73.230.28.7:443

47.229.96.60:443

186.188.2.193:443

174.112.25.29:2078

84.35.26.14:995

86.130.9.167:2222

116.74.163.221:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Agreement.js
- Size
  
  9KB
- MD5
  
  a1e45107ae06669c1e19a4981113db19
- SHA1
  
  644eafca0401911911d9730f176777fdd6bfb848
- SHA256
  
  91c82792f8e6bc10ee98bdc44eefc7a114b02e0f743ba33f13f74bdeef7a2848
- SHA512
  
  47b0d6b34849e1df04f2895015bce4914410de1defd5815d035ee6558e880c1489fa60f47385b5781ed28c705ba542c929ffca67d6330dd71d64293e0d94e126
- SSDEEP
  
  192:/LSLj5Uravgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:/C5Kk785UIhp/KTMhSeYmn2jiu5EjP+I
Score

10^/10

qakbot obama223 1668757345 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  debunked/cadge.temp
- Size
  
  374KB
- MD5
  
  17b04b7921ca42c4fd89b25b91bc78ad
- SHA1
  
  dac5d95ec42b2f4d97b3278ba8e91ed9ef3f88b7
- SHA256
  
  d94af8b5783c9039347e568acbac953182284fffe1e231c3c8fb58081c3df98a
- SHA512
  
  f7509e865c5515d0f54f1b6d877269a1c7320cf4f18d079cb021cebe8fbf17b766819bdb9e76154ab0c8d9845c2e21634ebda76ca665d0a5948b6cd8a0df194d
- SSDEEP
  
  6144:XKR66t98Uah1oq7PbQIIJSLiyCE0taaRIC6w/9IlFK+20m6WdMxgYURpi92H4X:w6E1YF7P01JSdCLjqa/9lNdMxgligH8
Score

10^/10

qakbot obama223 1668757345 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4