Malware sandboxing report by Hatching Triage

General

Target

12099 Dec 01.vhd
Size

80MB
Sample

221202-txan4she2y
MD5

c801fef5cc4eab7c14fbe84be95b6e86
SHA1

73c8d05661752bf32b67a48c98759053fe7b2d07
SHA256

c4820e71333cd9030cf7ff75f81b1c60204e8b8eec4a13925cc1088e72ec9f9d
SHA512

c4f81855e91b317734ae762c872c66f7276fa58c10c072cc909444f8adea4f79820c6fb4b79e56ef34daa877c002c4e04ec739d70e95dd780531fb7eb5142979
SSDEEP

12288:HSUUEfo5I6/o2qgkpUdi9Msme0CWUdOWk4F:HSTiWDvL6Rme0C0Wk4

Score

10^/10

Malware Config

Extracted

Family	qakbot
Version	404.46
Botnet	obama224
Campaign	1669794048
C2	75.161.233.194:995 216.82.134.218:443 174.104.184.149:443 173.18.126.3:443 87.202.101.164:50000 172.90.139.138:2222 184.153.132.82:443 185.135.120.81:443 24.228.132.224:2222 87.223.84.190:443 178.153.195.40:443 24.64.114.59:2222 77.126.81.208:443 75.99.125.235:2222 173.239.94.212:443 98.145.23.67:443 109.177.245.176:2222 72.200.109.104:443 12.172.173.82:993 82.11.242.219:443 92.149.205.238:2222 183.82.100.110:2222 176.142.207.63:443 92.24.200.226:995 69.119.123.159:2222 91.169.12.198:32100 64.121.161.102:443 124.122.55.68:443 12.172.173.82:995 85.231.105.49:2222 94.63.65.146:443 176.133.4.230:995 213.67.255.57:2222 90.89.95.158:2222 156.217.158.177:995 88.126.94.4:50000 87.57.13.215:443 102.159.83.36:443 121.122.99.223:995 216.196.245.102:2222 12.172.173.82:465 78.69.251.252:2222 76.80.180.154:995 75.143.236.149:443 109.11.175.42:2222 221.161.103.6:443 74.92.243.113:50000 75.98.154.19:443 47.41.154.250:443 49.175.72.56:443 81.229.117.95:2222 92.189.214.236:2222 83.92.85.93:443 108.162.6.34:443 84.35.26.14:995 136.232.184.134:995 188.54.99.243:995 93.24.192.142:20 75.84.234.68:443 71.31.101.183:443 80.13.179.151:2222 184.155.91.69:443 76.100.159.250:443 24.64.114.59:3389 46.246.245.152:995 70.115.104.126:995 197.2.209.208:995 50.90.249.161:443 70.66.199.12:443 216.196.245.102:2083 182.66.197.35:443 142.161.27.232:2222 76.127.192.23:443 92.207.132.174:2222 174.77.209.5:443 12.172.173.82:21 199.83.165.233:443 74.66.134.24:443 77.86.98.236:443 90.104.22.28:2222 71.247.10.63:50003 108.6.249.139:443 184.176.154.83:995 81.198.136.151:995 80.0.74.165:443 71.247.10.63:995 174.58.146.57:443 69.133.162.35:443 50.68.204.71:995 24.64.114.59:61202 47.34.30.133:443 12.172.173.82:50001 75.158.15.211:443 216.196.245.102:2078 181.164.194.228:443 193.154.207.221:443 213.191.164.70:443 197.92.135.188:443 172.117.139.142:995 76.20.42.45:443 24.64.114.59:2078 73.36.196.11:443 58.247.115.126:995 73.155.10.79:443 92.98.72.220:2222 84.113.121.103:443 2.50.47.109:443 12.172.173.82:990 106.212.18.255:995 98.147.155.235:443 92.106.70.62:2222 108.44.207.232:443 24.206.27.39:443 130.43.99.103:995 50.68.204.71:993 71.46.234.171:443 108.162.6.34:995 24.142.218.202:443 166.62.145.54:443 75.161.233.194:995 216.82.134.218:443 174.104.184.149:443 173.18.126.3:443 87.202.101.164:50000 172.90.139.138:2222 184.153.132.82:443 185.135.120.81:443 24.228.132.224:2222 87.223.84.190:443 178.153.195.40:443 24.64.114.59:2222 77.126.81.208:443 75.99.125.235:2222 173.239.94.212:443 98.145.23.67:443 109.177.245.176:2222 72.200.109.104:443 12.172.173.82:993 82.11.242.219:443 92.149.205.238:2222 183.82.100.110:2222 176.142.207.63:443 92.24.200.226:995 69.119.123.159:2222 91.169.12.198:32100 64.121.161.102:443 124.122.55.68:443 12.172.173.82:995 85.231.105.49:2222 94.63.65.146:443 176.133.4.230:995 213.67.255.57:2222 90.89.95.158:2222 156.217.158.177:995 88.126.94.4:50000 87.57.13.215:443 102.159.83.36:443 121.122.99.223:995 216.196.245.102:2222 12.172.173.82:465 78.69.251.252:2222 76.80.180.154:995 75.143.236.149:443 109.11.175.42:2222 221.161.103.6:443 74.92.243.113:50000 75.98.154.19:443 47.41.154.250:443 49.175.72.56:443 81.229.117.95:2222 92.189.214.236:2222 83.92.85.93:443 108.162.6.34:443 84.35.26.14:995 136.232.184.134:995 188.54.99.243:995 93.24.192.142:20 75.84.234.68:443 71.31.101.183:443 80.13.179.151:2222 184.155.91.69:443 76.100.159.250:443 24.64.114.59:3389 46.246.245.152:995 70.115.104.126:995 197.2.209.208:995 50.90.249.161:443 70.66.199.12:443 216.196.245.102:2083 182.66.197.35:443 142.161.27.232:2222 76.127.192.23:443 92.207.132.174:2222 174.77.209.5:443 12.172.173.82:21 199.83.165.233:443 74.66.134.24:443 77.86.98.236:443 90.104.22.28:2222 71.247.10.63:50003 108.6.249.139:443 184.176.154.83:995 81.198.136.151:995 80.0.74.165:443 71.247.10.63:995 174.58.146.57:443 69.133.162.35:443 50.68.204.71:995 24.64.114.59:61202 47.34.30.133:443 12.172.173.82:50001 75.158.15.211:443 216.196.245.102:2078 181.164.194.228:443 193.154.207.221:443 213.191.164.70:443 197.92.135.188:443 172.117.139.142:995 76.20.42.45:443 24.64.114.59:2078 73.36.196.11:443 58.247.115.126:995 73.155.10.79:443 92.98.72.220:2222 84.113.121.103:443 2.50.47.109:443 12.172.173.82:990 106.212.18.255:995 98.147.155.235:443 92.106.70.62:2222 108.44.207.232:443 24.206.27.39:443 130.43.99.103:995 50.68.204.71:993 71.46.234.171:443 108.162.6.34:995 24.142.218.202:443 166.62.145.54:443
Attributes	salt SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  12099 Dec 01.lnk
- Size
  
  953B
- MD5
  
  b71c5c29e3aa07a3051464f4ca39c72c
- SHA1
  
  b37b40da060932ab2986ccb1546bf2d3c4890cf3
- SHA256
  
  e8eea57788633710619a24bd72f7f99fbdfbb5efb46dbb21d746235f453f0ea5
- SHA512
  
  6e806c26caa1868ca8a8214984bf67fdacfda078ca3a153cd09a9e30f980ef5e46aad797e009d2202d9a4b08661cb999f6b489c8e5e5b2650997e40600693f7c
Score

10^/10

qakbot obama224 1669794048 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2
- Target
  
  161.dll
- Size
  
  600KB
- MD5
  
  7e0d3db8bc82120bb2e3fd6331e2316e
- SHA1
  
  4be555dad631c9806ef12d450c14e2d68c24ea66
- SHA256
  
  5774320ea6f7dfcf17b439739960f4bae5c852b8b30396934c75cf64a556312a
- SHA512
  
  ec0a62863a68b86f6c577c91bbb1793d3dd9d5bae1531077e5e4b3a72c2d948b4dc9f92242132e29c98bf19858ca886806891dffd1294b5a8e32e760bd046df8
- SSDEEP
  
  12288:QSUUEfo5I6/o2qgkpUdi9Msme0CWUdOWk4F:QSTiWDvL6Rme0C0Wk4
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4