Malware sandboxing report by Hatching Triage

General

Target

12099 Dec 01.vhd
Size

80MB
Sample

221202-txan4she2y
MD5

c801fef5cc4eab7c14fbe84be95b6e86
SHA1

73c8d05661752bf32b67a48c98759053fe7b2d07
SHA256

c4820e71333cd9030cf7ff75f81b1c60204e8b8eec4a13925cc1088e72ec9f9d
SHA512

c4f81855e91b317734ae762c872c66f7276fa58c10c072cc909444f8adea4f79820c6fb4b79e56ef34daa877c002c4e04ec739d70e95dd780531fb7eb5142979
SSDEEP

12288:HSUUEfo5I6/o2qgkpUdi9Msme0CWUdOWk4F:HSTiWDvL6Rme0C0Wk4

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama224

Campaign

1669794048

C2

75.161.233.194:995

216.82.134.218:443

174.104.184.149:443

173.18.126.3:443

87.202.101.164:50000

172.90.139.138:2222

184.153.132.82:443

185.135.120.81:443

24.228.132.224:2222

87.223.84.190:443

178.153.195.40:443

24.64.114.59:2222

77.126.81.208:443

75.99.125.235:2222

173.239.94.212:443

98.145.23.67:443

109.177.245.176:2222

72.200.109.104:443

12.172.173.82:993

82.11.242.219:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  12099 Dec 01.lnk
- Size
  
  953B
- MD5
  
  b71c5c29e3aa07a3051464f4ca39c72c
- SHA1
  
  b37b40da060932ab2986ccb1546bf2d3c4890cf3
- SHA256
  
  e8eea57788633710619a24bd72f7f99fbdfbb5efb46dbb21d746235f453f0ea5
- SHA512
  
  6e806c26caa1868ca8a8214984bf67fdacfda078ca3a153cd09a9e30f980ef5e46aad797e009d2202d9a4b08661cb999f6b489c8e5e5b2650997e40600693f7c
Score

10^/10

qakbot obama224 1669794048 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2
- Target
  
  161.dll
- Size
  
  600KB
- MD5
  
  7e0d3db8bc82120bb2e3fd6331e2316e
- SHA1
  
  4be555dad631c9806ef12d450c14e2d68c24ea66
- SHA256
  
  5774320ea6f7dfcf17b439739960f4bae5c852b8b30396934c75cf64a556312a
- SHA512
  
  ec0a62863a68b86f6c577c91bbb1793d3dd9d5bae1531077e5e4b3a72c2d948b4dc9f92242132e29c98bf19858ca886806891dffd1294b5a8e32e760bd046df8
- SSDEEP
  
  12288:QSUUEfo5I6/o2qgkpUdi9Msme0CWUdOWk4F:QSTiWDvL6Rme0C0Wk4
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4