qakbot | f071b3ecc96c80963115cd6f6fce57e861fa2934d4ef5b6612f66940daba18cb

General

Target

17847 Dec 01.vhd
Size

80.0MB
Sample

221201-z1slzseg6v
MD5

70f48a9a84cf0a043dd6c561e35e3483
SHA1

8249a92320984e5fa5f5114406d7eb3247d67344
SHA256

f071b3ecc96c80963115cd6f6fce57e861fa2934d4ef5b6612f66940daba18cb
SHA512

853a8614ed647955ffb1bb54661fd7b8f36602c09c8d40ede7683c43df226ff89b231bb574334f0995807ee504366dddb240a3f3d9e2dafd41ef20c38f42c0f1
SSDEEP

12288:HSUUEfo5I6/o2qgkpUdh9Msme0CWUdOWk4F:HSTiWDvL1Rme0C0Wk4

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama224

Campaign

1669794048

C2

75.161.233.194:995

216.82.134.218:443

174.104.184.149:443

173.18.126.3:443

87.202.101.164:50000

172.90.139.138:2222

184.153.132.82:443

185.135.120.81:443

24.228.132.224:2222

87.223.84.190:443

178.153.195.40:443

24.64.114.59:2222

77.126.81.208:443

75.99.125.235:2222

173.239.94.212:443

98.145.23.67:443

109.177.245.176:2222

72.200.109.104:443

12.172.173.82:993

82.11.242.219:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  out.vhd
- Size
  
  80.0MB
- MD5
  
  70f48a9a84cf0a043dd6c561e35e3483
- SHA1
  
  8249a92320984e5fa5f5114406d7eb3247d67344
- SHA256
  
  f071b3ecc96c80963115cd6f6fce57e861fa2934d4ef5b6612f66940daba18cb
- SHA512
  
  853a8614ed647955ffb1bb54661fd7b8f36602c09c8d40ede7683c43df226ff89b231bb574334f0995807ee504366dddb240a3f3d9e2dafd41ef20c38f42c0f1
- SSDEEP
  
  12288:HSUUEfo5I6/o2qgkpUdh9Msme0CWUdOWk4F:HSTiWDvL1Rme0C0Wk4
Score

1^/10
behavioral1
- Target
  
  1270.dll
- Size
  
  600KB
- MD5
  
  21c907826867ea3e1453ff6c773e1dce
- SHA1
  
  aa35fbe2a28c36cd76916d3d23792b5d3b35af5e
- SHA256
  
  1612e086fe01d5a31287188fe4c373e5b2f30d10bc165f8e53bab5ab6ec3d458
- SHA512
  
  dc3b35a7218f520e64e83982a791dc34b272aaafc8ef6591bd6a2b4d5947363e2188ced5825b950ef2db45eaf5f9875b07a73bb6caa37b91c162915d6e8d40d5
- SSDEEP
  
  12288:QSUUEfo5I6/o2qgkpUdh9Msme0CWUdOWk4F:QSTiWDvL1Rme0C0Wk4
Score

1^/10
behavioral2
- Target
  
  17847 Dec 01.lnk
- Size
  
  955B
- MD5
  
  0a18cfdb2128226f1096903336306c7b
- SHA1
  
  f96db837c52c2667fe1924221ff2cfb676dfbdd4
- SHA256
  
  ba3ae6c13f3accb892ba075ef32c18c0841de76847c8f20670a80fab9d1e3e81
- SHA512
  
  86983280f9f0508941963530bec8b521ddd7f26f411dc055e6afe3b27a130024822cf78d38bb54574184ba8e0d6fb6acbf92368cd83ba0c8e6f0f4d25dfc921c
Score

10^/10

qakbot obama224 1669794048 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3
- Target
  
  System Volume Information/IndexerVolumeGuid
- Size
  
  76B
- MD5
  
  426444c2c08ee779ef8c0ddb220d22a4
- SHA1
  
  a1fa468c642c10af2d0287d9e7b8221d20874ed4
- SHA256
  
  a1725d843002870af87a9146f1708a3d13e8512cd9a771215c1f90b3191cbddb
- SHA512
  
  949eb62ae2d355204c8ccc945501eee2afbb82d7f3989afe85d96b831c44047aa46672d6c352a132d065d698592dd3dcac3cef5d3a2acef9a3e05e8f47c7b841
Score

1^/10
behavioral4
- Target
  
  System Volume Information/WPSettings.dat
- Size
  
  12B
- MD5
  
  09d461fdadf39fa702d61cca24e6317e
- SHA1
  
  9f257178f279c65d21b91987114075579b95fbef
- SHA256
  
  93ac1052dc52572fb6c45ad76360093b64bc0d830379a4d6b3e5a0d53f165d12
- SHA512
  
  c99ae5de36b4fbfa768a025453a1f316a3ca7c76a8bbef15e9cfb61114cd2637896167064cfe163769ff7f2aac363a4f99131e2d128ced78e618353661dedff2
Score

3^/10
behavioral5

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5