qakbot | d52482df38eb5394b6d97c214ec89db80247c06b9b71339cbba82d281eb29f88

General

Target

pw-u1515.zip
Size

446KB
Sample

221201-1mf7gadg58
MD5

c60212b5417e564569603acaa0469ca5
SHA1

0678d6b8accc8a932b853cc9377ebfa83c86221f
SHA256

d52482df38eb5394b6d97c214ec89db80247c06b9b71339cbba82d281eb29f88
SHA512

a121f420565b89c7511ea6474c37acd22d7f4cfc5913ac454926a10b375510a7627fc60a332a8dc65abe91ff0bd50fa34655d314a3a5495e31b81fec5b3fb189
SSDEEP

12288:QkGNqRrS9fLgQAMjPLd5AfLm53aX1bJAj1bg42fqddv0TFfzjKT:Q5UQTdiy53aldAj1r2yLv0TF7eT

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama224

Campaign

1669794048

C2

75.161.233.194:995

216.82.134.218:443

174.104.184.149:443

173.18.126.3:443

87.202.101.164:50000

172.90.139.138:2222

184.153.132.82:443

185.135.120.81:443

24.228.132.224:2222

87.223.84.190:443

178.153.195.40:443

24.64.114.59:2222

77.126.81.208:443

75.99.125.235:2222

173.239.94.212:443

98.145.23.67:443

109.177.245.176:2222

72.200.109.104:443

12.172.173.82:993

82.11.242.219:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  14098 Dec 01.lnk
- Size
  
  953B
- MD5
  
  dc93e0f884dff1fc9951e64f6f47e65d
- SHA1
  
  7482067ff2c99c94140254ac27f047d02f454658
- SHA256
  
  22a5e596c65b42911d1ab8bd6ef32193c663069dd1de201d81b90d513a11ec35
- SHA512
  
  6ed92c26161129f48096da3892b8ca6ae901992a4a504ebce492ca3bfd946cf582e4ae598885c91b0aa03f5ef903bca1e8e4e2cf9fc17892650b84274cd7b7cc
Score

10^/10

qakbot obama224 1669794048 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1
- Target
  
  472.dll
- Size
  
  600KB
- MD5
  
  7ea355b017f86ad9177e55bd6c6695ae
- SHA1
  
  473312f3a537509174e56b9ca6fc92ee9fd812c3
- SHA256
  
  00288eb24055a00a40d394f018de7857c9cb02d5e7af245792e837856e124416
- SHA512
  
  c75396103b90f2ed4f5ebf7e88749c8e5c507bc0803b9a938b5560ef28a6448caf397ff7b2fdaac1220f1972036771178715f0c107af222c4ad349d28d19a9ef
- SSDEEP
  
  12288:QSUUEfo5I6/o2qgkpUdE9Msme0CWUdOWk4F:QSTiWDvLoRme0C0Wk4
Score

1^/10
behavioral2
- Target
  
  System Volume Information/WPSettings.dat
- Size
  
  12B
- MD5
  
  09d461fdadf39fa702d61cca24e6317e
- SHA1
  
  9f257178f279c65d21b91987114075579b95fbef
- SHA256
  
  93ac1052dc52572fb6c45ad76360093b64bc0d830379a4d6b3e5a0d53f165d12
- SHA512
  
  c99ae5de36b4fbfa768a025453a1f316a3ca7c76a8bbef15e9cfb61114cd2637896167064cfe163769ff7f2aac363a4f99131e2d128ced78e618353661dedff2
Score

3^/10
behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3