Malware sandboxing report by Hatching Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Claim_VA43.zip
Size

340KB
Sample

221205-g687tadc24
MD5

d92939cee7d6dfa2d1a81b27e77d4d29
SHA1

139982bb9f05e63acb4e2b07cf71a8dc47a289c2
SHA256

3add81df661ac839af450f5d23bb523c985d612be46cf3fee21213c12a177ea4
SHA512

87bf45c20b71d59cc25e13ed99ec93af5197e1f1e509377270ecde23dc25b4f2028e146a76c651fb27e759fc2d7f78c435c0dc6c7487a39b6efb2396b4452fc1
SSDEEP

6144:N583V7YI1mSPpeuWydPtYMb3dnooP2/zaIwcguiefFwDxFWrZe5YjEZ5JsAn8cGI:b8FBJeuWev3+yK3guQDxwe5YjEB8cGkd

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama225

Campaign

1669974461

85.59.61.52:2222

66.191.69.18:995

186.64.67.9:443

174.104.184.149:443

91.165.188.74:50000

213.22.188.57:2222

173.18.126.3:443

90.89.95.158:2222

172.90.139.138:2222

78.100.230.10:995

184.153.132.82:443

41.100.146.58:443

85.152.152.46:443

75.99.125.235:2222

83.92.85.93:443

173.239.94.212:443

24.64.114.59:2222

74.66.134.24:443

98.145.23.67:443

213.67.255.57:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Claim_VA43/Claim.lnk
- Size
  
  1KB
- MD5
  
  52382b9ff4bb3a20c4cdd47157c82354
- SHA1
  
  71112f1fe1fd65072a2ac0587ac9f8ec97b08357
- SHA256
  
  4fb9d922825e7bf57d6d08cd8fe213e8f7a09e81ded12b16623df981cf328f4b
- SHA512
  
  258848a55fca4ab49a1c609e341f0aae2f95a4271a7b904cd88092976d25fa98618ba0e13f5ddbb782d90a769dad586c58a730abf3b0ce988eefc3428d14fb78
Score

10^/10

qakbot obama225 1669974461 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  Claim_VA43/elizabeth/appeal.tmp
- Size
  
  444KB
- MD5
  
  b6211857d1820eafb23533f1c7c85d69
- SHA1
  
  0e6b9c55461be182343c5b41f22478a6192d0bb6
- SHA256
  
  cdb5054cad1e68121b529340f0b37490bffb1eb6c7f7186dc01f8d7e9081d3a5
- SHA512
  
  23c71ea5954dbf7710a7b6519cbf9a7929a81dcc5685c985dd6b58ea54958b979f89cc4be37da22485f36344f52fe9d4a42fd8a680c8a981dc60bbc426d28b68
- SSDEEP
  
  12288:BWyGWZDZ9FkHkmqnfsd5Ja46fDV3+QWc2:AOZ6Hk2JajfRO8
Score

10^/10

qakbot obama225 1669974461 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  Claim_VA43/elizabeth/avoiding.cmd
- Size
  
  231B
- MD5
  
  87c2039515bad30f39e91703dba92c1f
- SHA1
  
  8373525d59f973458a0716348bfbcff442f519ae
- SHA256
  
  8bd1b1354ea1a20f9bf7073b2cbdb7340d76ff0c312afe09fb2eea750ddf9f87
- SHA512
  
  79f0daf51dfd10e916af1a311e44f65904c4f06277b1b29eddeeef7d30abb4826697a85646f342f954e80c09a0baee2f20c929f8d2e680e62b0a42d8279edb27
Score

1^/10
behavioral5 behavioral6
- Target
  
  Claim_VA43/elizabeth/quill.cmd
- Size
  
  289B
- MD5
  
  f1dd476ff792c640945a21901988c957
- SHA1
  
  57543ec07ada751d7c104393b0ea33f15f1cbb6f
- SHA256
  
  224cb4a5898c0bd293bd61d89647f59ea0032d59e42ea1945a9e0812a0e83b22
- SHA512
  
  3283b7112f19784f230fe676abbcd07f884793a25fbf0b27f3d0f166e16f9bcb647ad3abd910c3882046d51f1e684cc24704bd5188d4dfbcfc19d6a440dff31a
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Query Registry

T1012

System Information Discovery

T1082

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8