Malware sandboxing report by Hatching Triage

Resubmissions

06-12-2022 06:15

221206-gzxv7sbc77 3

02-12-2022 17:00

221202-vjcrzsbc51 10

Sharing

Copy URL

Twitter E-mail

General

Target

Claim_PE84.vhd
Size

2MB
Sample

221202-vjcrzsbc51
MD5

2fe68553beb0a7b084f1b349d6551d9c
SHA1

c7e8f7b9313e876b10623840989fb07c00203930
SHA256

edcb8d8e80eb826ec95ed9ccdc1d4470c3edd1782350187fc9bcd776c6d96095
SHA512

cf9d306a0948217c32dd865a1926c18405cb0e24aef2eadd4bdd81bf9376783fa1a44de90ddc0926e4e6f41094cff99869b325b6d22a200f8f8161ee177fc0a1
SSDEEP

24576:/wWw8wewswUwBw6gwsw3wTOZqHk2JajfRO8:/wWw8wewswUwBw6gwsw3waZaUY8

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama225

Campaign

1669974461

85.59.61.52:2222

66.191.69.18:995

186.64.67.9:443

174.104.184.149:443

91.165.188.74:50000

213.22.188.57:2222

173.18.126.3:443

90.89.95.158:2222

172.90.139.138:2222

78.100.230.10:995

184.153.132.82:443

41.100.146.58:443

85.152.152.46:443

75.99.125.235:2222

83.92.85.93:443

173.239.94.212:443

24.64.114.59:2222

74.66.134.24:443

98.145.23.67:443

213.67.255.57:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Claim_PE84.vhd
- Size
  
  2MB
- MD5
  
  2fe68553beb0a7b084f1b349d6551d9c
- SHA1
  
  c7e8f7b9313e876b10623840989fb07c00203930
- SHA256
  
  edcb8d8e80eb826ec95ed9ccdc1d4470c3edd1782350187fc9bcd776c6d96095
- SHA512
  
  cf9d306a0948217c32dd865a1926c18405cb0e24aef2eadd4bdd81bf9376783fa1a44de90ddc0926e4e6f41094cff99869b325b6d22a200f8f8161ee177fc0a1
- SSDEEP
  
  24576:/wWw8wewswUwBw6gwsw3wTOZqHk2JajfRO8:/wWw8wewswUwBw6gwsw3waZaUY8
Score

3^/10
behavioral1 behavioral2
- Target
  
  Claim.lnk
- Size
  
  1KB
- MD5
  
  2f8f51992462ce218dfee554c976510e
- SHA1
  
  c92a3e2337bdd16f211299d0ae6b2336f9270a96
- SHA256
  
  e2f568bba1216700f7ac0a6ee76c742298485a90bdc80a2002798ba304e68b3a
- SHA512
  
  3a175e08f0bc6601952cb582e95ecadb0e89d57c5e7d59e27d5f7919056d13d087c424d9f3a32de6a974fd910536f0c9005ef8596fb07b5f4490daabb8f3e072
Score

10^/10

qakbot obama225 1669974461 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  respondents/advisement.txt
- Size
  
  287KB
- MD5
  
  630a60d58ac49dbdf0beb3c942320326
- SHA1
  
  ddde4b191d395681bc2176bbe9396f5ce23650a7
- SHA256
  
  8596b246ead10fce32b37b9b35b5477b4bd4e1052cbb7213f49fc984bb8dc501
- SHA512
  
  15d21b346578d2a3919b2af6a5e7fc0e43e8e8ba87305ccc18fe05029ccdd1abc45e9651cd6fd40f2c61bebaa85a317d7a3a7320a4f8ea3d89f084477115fbe0
- SSDEEP
  
  6144:zdGSnwpTS3vPwlkBnwcGSvjwiOVgNw8RtSkOhAnwKswruCdwswnFNwu:JwWw8wewiO4wCOAwBw6gwsw3wu
Score

1^/10
behavioral5 behavioral6
- Target
  
  respondents/crossbar.tmp
- Size
  
  444KB
- MD5
  
  5ddfeb10cd4a64cd2534f2d7d5876ffd
- SHA1
  
  270999d10c77d209a9f291f0bdb2596064f190fb
- SHA256
  
  8cb21de414adf9b4f81d2aaac1ba2e947f09a1913b4541d5ff59ef262efefa5d
- SHA512
  
  62422f2700c83f13c4480b54dc63373370764903a017f375afd590ba0ba5498f0c919ebc13732bbddab44b03c4340a2876320e95d505a728c9c62dee65420151
- SSDEEP
  
  12288:BWyGWZDZVFkHkmqnfsd5Ja46fDV3+QWc2:AOZqHk2JajfRO8
Score

10^/10

qakbot obama225 1669974461 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8
- Target
  
  respondents/ibidem.cmd
- Size
  
  225B
- MD5
  
  44aa33a9891f351cf4be4105b0c343f5
- SHA1
  
  540533433c3eb095d8974ce5f7ef7986ef338ee7
- SHA256
  
  7a676b74f870a8e12a49d62a89f5fa13cc3b1f6e43d160436f4bec08dbfe6101
- SHA512
  
  e93c0876e485fd4d6e5456215a64fc550cb335f32fcfb914d1b205bb17bc63c5ee7333af225f46b34947731a369ab2e46c90a9892db9a03509f2ddec89a817d3
Score

1^/10
behavioral10 behavioral9
- Target
  
  respondents/suspect.cmd
- Size
  
  283B
- MD5
  
  99838a4fa2fbb0955a78f3fe97212626
- SHA1
  
  32a16917424cf9f98ffac8737b8293d268c27aec
- SHA256
  
  6ce73c1af6962cd08164173eeab0c367c069c2d0a583ef7f92ddbf3ef3a5bfa9
- SHA512
  
  1317ab6f713d897c5f4a445ee476440fe3140b13cc6f40fee4cdbe3f1d6d04c14c7f0ef8f2e83bdecacac1a54e55e87a1ee7547dae49520439379fd99a5215a7
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Query Registry

T1012

System Information Discovery

T1082

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12