qakbot | deafc124bc097312f31fa48c677945da35e1d2833cd014723fb7b29f92b4c8db

General

Target

KM-532WP.iso
Size

101.2MB
Sample

221201-mh924add21
MD5

4de734650352d165fc8aa24e84747409
SHA1

a727847c0286cd092293e09a5a966a2eff7f2222
SHA256

deafc124bc097312f31fa48c677945da35e1d2833cd014723fb7b29f92b4c8db
SHA512

f71a91e711c1e0cd78cb6dac4e5af2f44fad1ccaf13e9a48d39f0dbf14e52c0d7b44b63505ce38be61190b298be38c69798151c953dfd1b3b5fd5dbf4c59a1e8
SSDEEP

24576:TFolOZ7iw/VwfHH3vwLwZ0RV9Z0OEdMd0z52kqAaBJP8fnLJ518VCqoI2ytHE:TFolOZ7iw/VwfHH3vwLwYuDHAHE

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama224

Campaign

1669794048

C2

75.161.233.194:995

216.82.134.218:443

174.104.184.149:443

173.18.126.3:443

87.202.101.164:50000

172.90.139.138:2222

184.153.132.82:443

185.135.120.81:443

24.228.132.224:2222

87.223.84.190:443

178.153.195.40:443

24.64.114.59:2222

77.126.81.208:443

75.99.125.235:2222

173.239.94.212:443

98.145.23.67:443

109.177.245.176:2222

72.200.109.104:443

12.172.173.82:993

82.11.242.219:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  WP.vbs
- Size
  
  181B
- MD5
  
  bbaffbb5d8288a9481f38b8a56aa0154
- SHA1
  
  ea95bc5e3125049f06859eff5ce2d8fbc9bbc62a
- SHA256
  
  6176a28d3c16b51c41d9b81b625423fe0d3c0addc6a8e32613ca7e10d540d990
- SHA512
  
  2dfa07c8f935f252f2ef100ecb4fea0a0d299092e348f1933d72067d671eb607cfde8a2a61411cbf056f01412ef1c3c46811472bff3c76d60b4bdd963c7ccd69
Score

10^/10

qakbot obama224 1669794048 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  metaphysic/crematoria.vbs
- Size
  
  181B
- MD5
  
  bbaffbb5d8288a9481f38b8a56aa0154
- SHA1
  
  ea95bc5e3125049f06859eff5ce2d8fbc9bbc62a
- SHA256
  
  6176a28d3c16b51c41d9b81b625423fe0d3c0addc6a8e32613ca7e10d540d990
- SHA512
  
  2dfa07c8f935f252f2ef100ecb4fea0a0d299092e348f1933d72067d671eb607cfde8a2a61411cbf056f01412ef1c3c46811472bff3c76d60b4bdd963c7ccd69
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  metaphysic/leveler.ps1
- Size
  
  363B
- MD5
  
  3a09963c9181f0f542ba74c629862ef8
- SHA1
  
  4c4e93f77c591590c049e5f275c088b3edd3c6bf
- SHA256
  
  2d25b2ee5fc13b485abd86b0b7fe90b274f1646bdaaee7ceaba4a85e49babdb1
- SHA512
  
  2ae4bedea2b124e8cc66835eb1dd43f8141495888f6a50f7e1ec05611807aa1d7de5f4f23f1c99f7d94f21ddc9a873567173f4f54af4c57b1ed1582c56b3d85a
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

3

T1082

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6