qakbot | c3cbf54a0103490dc5581d766e4462e4b5eb9e8cd45c9c97853e3bdd5e1361d7

General

Target

pw-nov123.zip
Size

648KB
Sample

221130-1cq9paba9x
MD5

cb9c4d22f721da72abd340780fe2892e
SHA1

45344bdf745625358225bcbf9aaa3d7148286376
SHA256

c3cbf54a0103490dc5581d766e4462e4b5eb9e8cd45c9c97853e3bdd5e1361d7
SHA512

60c0ab2c72e8fa91242114581ac1cc210b57cab4b45095f16fd79dbc04f46b96637250c1f05a1e15d5a30f61ad81be8824fcb57e516a45c141a1fe320daae2ca
SSDEEP

12288:vnYnv7BVOxrcz9iQSSn6bVjWq8OQCKeeJcRsOh9tt4S8Jd+IhUACECrXIuZJ:/Ynv7BVOVw9+PjWq8bP7JcmOntoJEImZ

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama224

Campaign

1669794048

C2

75.161.233.194:995

216.82.134.218:443

174.104.184.149:443

173.18.126.3:443

87.202.101.164:50000

172.90.139.138:2222

184.153.132.82:443

185.135.120.81:443

24.228.132.224:2222

87.223.84.190:443

178.153.195.40:443

24.64.114.59:2222

77.126.81.208:443

75.99.125.235:2222

173.239.94.212:443

98.145.23.67:443

109.177.245.176:2222

72.200.109.104:443

12.172.173.82:993

82.11.242.219:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  WP.vbs
- Size
  
  182B
- MD5
  
  9b9b29197cae0e97c7f2e73b309e51ff
- SHA1
  
  14787348dd8d419227afd51659540a3b80641eee
- SHA256
  
  fef9692d8290f862a3c9561e5fa6331f4a084ecdd8e5f920d3f8a4b3d9899e9c
- SHA512
  
  57977963d61517f02c88a356bef8b892448b32ee9ad1cbbc82e988c503da3b091808f8b86d13a9693cb43e51a76cb2a04a504ad9897ceef805456a2852c7cac4
Score

10^/10

qakbot obama224 1669794048 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  metaphysic/battleship.vbs
- Size
  
  182B
- MD5
  
  9b9b29197cae0e97c7f2e73b309e51ff
- SHA1
  
  14787348dd8d419227afd51659540a3b80641eee
- SHA256
  
  fef9692d8290f862a3c9561e5fa6331f4a084ecdd8e5f920d3f8a4b3d9899e9c
- SHA512
  
  57977963d61517f02c88a356bef8b892448b32ee9ad1cbbc82e988c503da3b091808f8b86d13a9693cb43e51a76cb2a04a504ad9897ceef805456a2852c7cac4
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  metaphysic/donatory.ps1
- Size
  
  363B
- MD5
  
  19ada07528b7493d500da761e7e0e1d2
- SHA1
  
  474bd679811af56b40eacf5a1b3a54d3cd16ea18
- SHA256
  
  8507b2bce4d6b05206a245ed60753d8876145327ea16407fad5c7a920100eb3a
- SHA512
  
  0157e7f2721b3947753cf03817862b836b73dfceb8c31c406866e26f1db5f4af8175520a7a1336c0990a9f56cba418c1fdf0f579712a9b4a3851420548047359
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6