qakbot | e54941c8fd4f4ad0a627b6396b17ced2829c0242237830cc035efcf0998aab22

Resubmissions

09-12-2022 21:25

221209-z9vgyaed42 10

09-12-2022 20:57

221209-zrnxfahb5v 10

02-12-2022 02:38

221202-c46axsab2w 10

Sharing

Copy URL

Twitter E-mail

General

Target

19440 Dec 01.vhd
Size

80.0MB
Sample

221202-c46axsab2w
MD5

6e9206019791c1591f646db2c96c9fdb
SHA1

7a63730f9f683cce54a14211933f09499869e754
SHA256

e54941c8fd4f4ad0a627b6396b17ced2829c0242237830cc035efcf0998aab22
SHA512

53d4eb20580391d3eee41755d263581f0dfa57012294ee8c6af96342b073c511e0398e5a40d6981c7aac83078e7356478f52ca7aa45954b2c28e2de296a37699
SSDEEP

12288:PSUUEfo5I6/o2qgkpUdv9Msme0CWUdOWk4F:PSTiWDvLfRme0C0Wk4

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama224

Campaign

1669794048

75.161.233.194:995

216.82.134.218:443

174.104.184.149:443

173.18.126.3:443

87.202.101.164:50000

172.90.139.138:2222

184.153.132.82:443

185.135.120.81:443

24.228.132.224:2222

87.223.84.190:443

178.153.195.40:443

24.64.114.59:2222

77.126.81.208:443

75.99.125.235:2222

173.239.94.212:443

98.145.23.67:443

109.177.245.176:2222

72.200.109.104:443

12.172.173.82:993

82.11.242.219:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  19440 Dec 01.lnk
- Size
  
  953B
- MD5
  
  50f9044d1fd979d5232075be8d3c2390
- SHA1
  
  848e4ab680ce010ed3f337a8ac37e6b58150d499
- SHA256
  
  a987d07bee7729eda66980226477494ba37dcf5f72cbc6e11524891de2b2da52
- SHA512
  
  7c07c43dc7546bfa15fbca6dab038c162bdad7b360b029b088c544bdcdc8cdf725923a1be5bd6abe222868aab8839465be688c1f84e33b498cc829c513e4a0f0
Score

10^/10

qakbot obama224 1669794048 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  786.dll
- Size
  
  600KB
- MD5
  
  a12026e1d8d5699723e14a450f612528
- SHA1
  
  0eb6925e3e7e9cd9f0e472495956112195e1ed04
- SHA256
  
  6732fc37c4d5de1459b19b734547bd4dfd86b9b3c779d292ffffe0e74007ecb6
- SHA512
  
  9628b83edfb2872c01451fbac092190a6af3d85bf5b8e9ba482009e085cbc2604b00563014c8defa6862b26f5daa925aeddeee61a0b27c1a8e0cb76e3a45effc
- SSDEEP
  
  12288:QSUUEfo5I6/o2qgkpUdv9Msme0CWUdOWk4F:QSTiWDvLfRme0C0Wk4
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4