General

  • Target

    1.zip

  • Size

    357KB

  • Sample

    221202-m1skrsaf44

  • MD5

    028417118101fbbb97f45fbb87a1b268

  • SHA1

    a2c817eafc2c971f14aeb6bed04496730f4c55b9

  • SHA256

    4774af876120608e94f1528063b776ea0d19d2aaa0c8963be79f3722363d2687

  • SHA512

    73d30ff42445578e4aa5f5ac0905f10f8b814121384616b58fb14448c33cfe3fa748d598232452396919f617c5dac6a423ab14d4d085fda1ce4002bdd81405e1

  • SSDEEP

    6144:pPWNfp2ix9ax6u0pkDKXFlgKXXSHdEsI/OUXLSimZJFBiHQ+gdY8Dhwyrx:pOZ4ix9ax6u0pplgKHS9Et/p/oFBwQUi

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama224

Campaign

1669794048

C2

75.161.233.194:995

216.82.134.218:443

174.104.184.149:443

173.18.126.3:443

87.202.101.164:50000

172.90.139.138:2222

184.153.132.82:443

185.135.120.81:443

24.228.132.224:2222

87.223.84.190:443

178.153.195.40:443

24.64.114.59:2222

77.126.81.208:443

75.99.125.235:2222

173.239.94.212:443

98.145.23.67:443

109.177.245.176:2222

72.200.109.104:443

12.172.173.82:993

82.11.242.219:443

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      12663 Dec 01.lnk

    • Size

      953B

    • MD5

      c9e405ab50019f65bef275361b32d025

    • SHA1

      590d6fadff2a56c519aa67a350fa502d207fd685

    • SHA256

      5cf672d93ef6f92f2b3d3d9cf3debff28311cebac0b56e7296144b58554b6302

    • SHA512

      b078ec225d78162b415826138c907cc35325bac04eb1bef9a15cd698b5c900ff65a19365fd2c708de5c683a2bc3780ecaf2badd8579b00be674a8fec007f52ba

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Target

      349.dll

    • Size

      600KB

    • MD5

      1e8c4b625a5456a9c1f5db0081848a1f

    • SHA1

      61e310ca58ea6393c36a42e6d7ac550d818b439c

    • SHA256

      2d147dd83ddc3b3662219c204e2a16025f7512d9a1727c0d651dced791226aab

    • SHA512

      11efad410f770c8a3e3e960e039f21b5580670fe7f0c21729c2d8ca28419f7ae5c98ef5c6f8ab4afdc00fdf78d7510bc5d5f3fdf42e2680066632a61dfb80d5b

    • SSDEEP

      12288:QSUUEfo5I6/o2qgkpUdK9Msme0CWUdOWk4F:QSTiWDvLyRme0C0Wk4

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (1 hit)

    T1012

  • System Information Discovery (2 hits)

    T1082

Tasks