qakbot | b854bec9bc8a38e7c4e906f6d9696a11695087291ab8deefc2e56f73de08138a

Sharing

Copy URL

Twitter E-mail

General

Target

0343c209-b54e-4c1d-9488-4505e5633c8e.zip
Size

543KB
Sample

221202-tx5jgsdg95
MD5

453eccd4180ab75b5de77f3417802be7
SHA1

d3fb38d8e7c238a0b5b48c4746f975f99bed1607
SHA256

b854bec9bc8a38e7c4e906f6d9696a11695087291ab8deefc2e56f73de08138a
SHA512

0fba335a8f04e54a993aa931e8608e4bc14dab3796e2038ad16abef6588ceb5f824c26f75a6c4fffa8b0aecf1bd334294eb8ea6a2409251ae523e43c9d5cca39
SSDEEP

12288:aQdiugs3q0W0+VjslAuH1tSQu1SpxFImdnnaSZkZP:aWi990kVj0jSHaxDnZOP

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama225

Campaign

1669974461

85.59.61.52:2222

66.191.69.18:995

186.64.67.9:443

174.104.184.149:443

91.165.188.74:50000

213.22.188.57:2222

173.18.126.3:443

90.89.95.158:2222

172.90.139.138:2222

78.100.230.10:995

184.153.132.82:443

41.100.146.58:443

85.152.152.46:443

75.99.125.235:2222

83.92.85.93:443

173.239.94.212:443

24.64.114.59:2222

74.66.134.24:443

98.145.23.67:443

213.67.255.57:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Claim.lnk
- Size
  
  1KB
- MD5
  
  9b3f9ba6670ca4f7462263afea03300d
- SHA1
  
  05a28549badf8b9d83e5a9ea7c960d5a7e5e8a83
- SHA256
  
  a4f4049b71130cd9104cbef4f6aeb3e9d6b10bcf53e154a5148a09e859cf0fa6
- SHA512
  
  1d15aa99644718ba6bfda2e4bc56f7941ff229487601ef07ce0cf03cafbf1f5e80ecb851daa9729a608070d21a82a669d83296ea1a92624f55abef60d99379fa
Score

10^/10

qakbot obama225 1669974461 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  amended/concavity.cmd
- Size
  
  225B
- MD5
  
  cf605826d7a1358aa8b936a7cdc486e3
- SHA1
  
  5bc66d8b6ba9200873f2c1fc15513c2ec5efce93
- SHA256
  
  be8947e2022457ae17805d261a38cf9379b05480caf94265175672ba86099dd8
- SHA512
  
  d6cc6c256162be004ea67d1a67bd04ca58656746a0268a3e619d197b50adf9d4fb6f2b8f3ab91994146bc0307368273fff8ebfed5b6dac5d495711b07995c613
Score

1^/10
behavioral3 behavioral4
- Target
  
  amended/depressurize.cmd
- Size
  
  294B
- MD5
  
  4478916ab6a542ba83d159f91d65c49a
- SHA1
  
  acf13927bc140cc3ae0e49de3c750adb78600002
- SHA256
  
  36754f9a2fe5f46e64976d49b253894de757a5fc9b1d7a81daf45c450529d0ad
- SHA512
  
  4ac53a5fbc1114095dba189edb0312fb8f1dd98f11dcf765281e10f977434795ccec172e4091187591006e677081a7c2ef100badefd9eb9504ec07ed69ccc558
Score

1^/10
behavioral5 behavioral6
- Target
  
  amended/unwarmed.tmp
- Size
  
  444KB
- MD5
  
  278dcd5147c869e6940e6baba52bb931
- SHA1
  
  cc8b2111b22a72a1d7831751c64ff9b107fc545d
- SHA256
  
  4a6fa75896f4dca8e3ad9c5024037b10b61bd4a723819aaf0ea941f37a763411
- SHA512
  
  2ddd45bbd30a11ac9816aa27053d6b9151468064de3245a46a82e35884814cd1a2dd8decbef540b92b22b106572c4bbe97f92f2a1ec01a5eab592d67c306654f
- SSDEEP
  
  12288:BWyGWZDZNFkHkmqnfsd5Ja46fDV3+QWc2:AOZuHk2JajfRO8
Score

10^/10

qakbot obama225 1669974461 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8