qakbot | 34cedea8323757b0fdc32c67e67cc8a2dc5bbffd83a42f7421f40825f752600c

Sharing

Copy URL

Twitter E-mail

General

Target

IG-152WP.iso
Size

101.2MB
Sample

221130-1zmvsach7z
MD5

85dca72f4f5cfa17ff48091a34ffe3d1
SHA1

99a9d6ec07280026bff99caeaf13cc250d0ce664
SHA256

34cedea8323757b0fdc32c67e67cc8a2dc5bbffd83a42f7421f40825f752600c
SHA512

e9e89b79474f362106751e5f8b5034e00a5b5c13f0fec4ba644a31107a5b53451124e4d6793db894dad693aecaeff4ceaedd17a50a93d495d4692521ad3c1818
SSDEEP

24576:qFolOZ7iw5LwfHH3vwLwZ0RV9Z0OEdMdEz52kqAaBJP8fnLJ518VCqoI2ytHE:qFolOZ7iw5LwfHH3vwLwAuDHAHE

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama224

Campaign

1669794048

75.161.233.194:995

216.82.134.218:443

174.104.184.149:443

173.18.126.3:443

87.202.101.164:50000

172.90.139.138:2222

184.153.132.82:443

185.135.120.81:443

24.228.132.224:2222

87.223.84.190:443

178.153.195.40:443

24.64.114.59:2222

77.126.81.208:443

75.99.125.235:2222

173.239.94.212:443

98.145.23.67:443

109.177.245.176:2222

72.200.109.104:443

12.172.173.82:993

82.11.242.219:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  IG-152WP.iso
- Size
  
  101.2MB
- MD5
  
  85dca72f4f5cfa17ff48091a34ffe3d1
- SHA1
  
  99a9d6ec07280026bff99caeaf13cc250d0ce664
- SHA256
  
  34cedea8323757b0fdc32c67e67cc8a2dc5bbffd83a42f7421f40825f752600c
- SHA512
  
  e9e89b79474f362106751e5f8b5034e00a5b5c13f0fec4ba644a31107a5b53451124e4d6793db894dad693aecaeff4ceaedd17a50a93d495d4692521ad3c1818
- SSDEEP
  
  24576:qFolOZ7iw5LwfHH3vwLwZ0RV9Z0OEdMdEz52kqAaBJP8fnLJ518VCqoI2ytHE:qFolOZ7iw5LwfHH3vwLwAuDHAHE
Score

3^/10
behavioral1
- Target
  
  WP.vbs
- Size
  
  182B
- MD5
  
  0896109ebdbc438cd306f1094a42ca03
- SHA1
  
  adeee01c4b4184a0466951c01745251279ae123c
- SHA256
  
  3976c2eb92337d26e48dd93b87da2727e7e6751a23b69d64e6348355ba7deea5
- SHA512
  
  ffec8bc5426ce444a0c2090a5dbe0f46bb2f8f8666008757555ac5719afc89f7eb5c022aef1fa93a2bbad70d5cc9d6a56444807c1f5ae52438f428077080ea3d
Score

10^/10

qakbot obama224 1669794048 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral2
- Target
  
  header
- Size
  
  100.0MB
- MD5
  
  5937fb14ca678edd47fca8acbf0f12d0
- SHA1
  
  c1ff9be307e47212d858e3bd534a32e94eba0d75
- SHA256
  
  cd1f2a4b7893d1c70893ed2ba347e140d34bdcd2794097424083d9367fa5caa6
- SHA512
  
  b552f74ee4dc974b9f42feeb7a97a70c7c3bb94817478c571195d6d91156ea7d4d90a426df0fef975c91a549b19763c3a7a87c0a564a11cabc95630ebaf9ff09
- SSDEEP
  
  3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkw:Yu
Score

1^/10
behavioral3
- Target
  
  metaphysic/alas.vbs
- Size
  
  182B
- MD5
  
  0896109ebdbc438cd306f1094a42ca03
- SHA1
  
  adeee01c4b4184a0466951c01745251279ae123c
- SHA256
  
  3976c2eb92337d26e48dd93b87da2727e7e6751a23b69d64e6348355ba7deea5
- SHA512
  
  ffec8bc5426ce444a0c2090a5dbe0f46bb2f8f8666008757555ac5719afc89f7eb5c022aef1fa93a2bbad70d5cc9d6a56444807c1f5ae52438f428077080ea3d
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral4
- Target
  
  metaphysic/choked.txt
- Size
  
  221KB
- MD5
  
  c6a3f23a15df0367b84fb3233673e85c
- SHA1
  
  3e86493470835ba04db6ccadb77e37bae422fba5
- SHA256
  
  1db1054fbc2158fd8fc73cf92f03d9816d48fc92a5023164c52bea820f71199d
- SHA512
  
  e578dbfe8b7bf719897664f65d28b9fc0461bdab754e665202d48d6e0f3237fec80a908344b22326459f36880dbc0bd25c6b3124f6a7adc26880f2659479f99b
- SSDEEP
  
  3072:XoCkLSl+AMwmeG68MgWMNftCtMiv07iXQQk5:4FulJNxT8RWkf8bv07iw5
Score

1^/10
behavioral5
- Target
  
  metaphysic/imprints.gif
- Size
  
  24KB
- MD5
  
  45a891a5bbc4c25a91a77a06d065ff84
- SHA1
  
  831e6c38e6153f269cbde79d83ba6765421a9ea2
- SHA256
  
  32a6cc08ba7a30f462b37a8dc7f71ec0b40318379040fac318dd3a6d43ef9a17
- SHA512
  
  1287d8c542b45afaf3be53ec6fe00ac1c0c4f1af7a5d95e824afcabf842a7bdbaa2bf86468023c6640f43357a24066f352d24557a7058f943a513f25f7415e89
- SSDEEP
  
  768:vtqRNUQeWOtaMK7MpIIfTgVCQaDbqKab/iLylG:vE8Qeztan7kBTgVC07WLyw
Score

1^/10
behavioral6
- Target
  
  metaphysic/prefaces.ps1
- Size
  
  369B
- MD5
  
  faa1a0a59d78e8a06600beba36c6b41f
- SHA1
  
  286ce390ec8ad92da202a21390af83f21c3f8e2c
- SHA256
  
  8cd4c8f2c980b2ae103418871dfca7ba2aed7ada93cb0e32325d8b6103163265
- SHA512
  
  8e42cd3bda0252269f1a82b74811d513ff83c3382a467f7f4455ad83b5ddad4f4bbfa4c14e65cecb0462e227bed8866930cf51bc6d20711903e5d4a70c86868e
Score

1^/10
behavioral7
- Target
  
  metaphysic/preyed.txt
- Size
  
  85KB
- MD5
  
  7741772d4a072119b308a292db71fba3
- SHA1
  
  d93d3aa15fbc1031a6c6cf267243cfeb55e43ef3
- SHA256
  
  59220a25e69e43f4af5aa414c5754b1991c2057ce54a8f6642488e3ab7e45738
- SHA512
  
  6235ada0fbf49f004956dcd7e976b78db2beef51b3944b9fd2958d6d7731a6d0c98b7b91586a5b43196e755952596683f4c88eccda7509d0c6445030fd5ffa92
- SSDEEP
  
  1536:xATNwiDtQlNHHoA1Zc/uo64E5clp1ZOVqqXwp17wiHj/t/cW1ZOViL:GwCtQzHHL1ZDaE5cv1ZOPwLwWj/t/V1X
Score

1^/10
behavioral8
- Target
  
  metaphysic/readme.txt
- Size
  
  770KB
- MD5
  
  07600e1dd044b75a84857b90d246aee7
- SHA1
  
  0ea797440370f349b1137586ddbe1d071ff8f48a
- SHA256
  
  b63f23a6a846f11810d2750b949fa746c94a3d199f13cc627f7675f1a2be4c71
- SHA512
  
  c01f8e1c6567e2e709592400e54164d92a8f4c08886f0b21bfafd1d8e17eba9bcb06b3158044933ba345668b784d9dcea5388ed8d6868924f971d7f2da3dfc8f
- SSDEEP
  
  24576:+0RV9Z0OEdMdEz52kqAaBJP8fnLJ518VCqoI2yO:1uDHh
Score

1^/10
behavioral9
- Target
  
  metaphysic/simmers.jpg
- Size
  
  21KB
- MD5
  
  82bee8c359156bcc35acd3b08926b9b1
- SHA1
  
  a63ca0946e30a28c120202ad6e74715dee64d897
- SHA256
  
  e4ff759593a61c06548eae5faf20c7d2090d70807214b1bbd381154f3d35db7e
- SHA512
  
  2887d2156e39d8f9f328165453894e72d79ce6767f947a0c60b14bcc3d36db76cec568c648e1d1f101ef53ab55e1be78025a932bfe6c38e2ff07c538d8ae3bb6
- SSDEEP
  
  384:LZwSODsVmwh2SFoXvNZPvczbwFOJhl6nT0A1nmMtEgeAix1c72yjeDXOIJ+CwcJI:LZwbDsV/clZqpP6nTtnH/nIoP+XOA+C2
Score

3^/10
behavioral10
- Target
  
  metaphysic/typewrite.png
- Size
  
  43KB
- MD5
  
  5522c9e8ef8d4a5a95bb1f3d676fdc5c
- SHA1
  
  ae12bd89d36e46d1e416931d064c7b8c0867250a
- SHA256
  
  81a8fe3499c5cfc66c98b6d4935a8270eb824e1e58f60075846d49e1021c710a
- SHA512
  
  911606b88218f78b53343eea80bdde91c945fb241cecaa6b5e4991206cf966f3d479e0c3cda93734b740286946d6fe0a82f45b76937c88fc8c17a20784f75913
- SSDEEP
  
  768:t18g+tRun0DiF2ZCgX2VkNWTQHCj2qBjMTDGum2p7sc8Z/pcN7OOa48MZdX8encX:nQzICCD6NWdp4fYOBD8cDnYf
Score

3^/10
behavioral11

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Drops file in System32 directory

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11