Malware sandboxing report by Hatching Triage

General

Target

LG48.vhd
Size

2MB
Sample

221205-yqdjmsbd53
MD5

256fec95be295bcae1a17fc5576c46d9
SHA1

a0a5686450bb285586f7f2b9b91f17fb82bc984b
SHA256

dab71aa920bad2c39ec03be571f5ca971f5eede573b5ccf96fe6ee1b9b93ed73
SHA512

99f5b4565c2ff56da9fdbc3d0f88670b92ebbd269ebbb1ddb13adb7bf9e893fa1bdf57132ce772de9e5c55531e4ac368a1d5bcbec7e125f5ba9bb928de68cc1d
SSDEEP

24576:xzoHJHgGHHHHIwPwBgBVwNqGDKkSYu5tjVi:xzoHJHgGHHHHIwPwBgLgqsK15tjM

Score

10^/10

Malware Config

Extracted

Family	qakbot
Version	404.46
Botnet	BB09
Campaign	1670238005
C2	76.100.159.250:443 66.191.69.18:995 186.64.67.9:443 50.90.249.161:443 109.150.179.158:2222 92.149.205.238:2222 86.165.15.180:2222 41.44.19.36:995 78.17.157.5:443 173.18.126.3:443 75.99.125.235:2222 172.90.139.138:2222 27.99.45.237:2222 91.68.227.219:443 12.172.173.82:993 103.144.201.62:2078 12.172.173.82:990 173.239.94.212:443 91.169.12.198:32100 24.64.114.59:2222 74.66.134.24:443 93.164.248.234:443 83.92.85.93:443 78.69.251.252:2222 190.134.138.61:443 2.99.47.198:2222 73.223.248.31:443 12.172.173.82:995 94.63.65.146:443 80.13.179.151:2222 70.120.228.205:2083 216.196.245.102:2078 31.167.254.199:995 89.129.109.27:2222 69.119.123.159:2222 91.254.230.18:443 64.121.161.102:443 38.166.242.12:2087 12.172.173.82:465 75.143.236.149:443 81.229.117.95:2222 74.92.243.113:50000 183.82.100.110:2222 75.98.154.19:443 193.154.202.210:443 121.122.99.223:995 70.115.104.126:995 213.67.255.57:2222 213.91.235.146:443 37.14.229.220:2222 76.80.180.154:995 62.31.130.138:465 89.115.196.99:443 2.83.12.243:443 85.152.152.46:443 188.48.123.229:995 90.104.22.28:2222 201.210.107.223:993 47.41.154.250:443 50.68.204.71:995 84.215.202.22:443 85.241.180.94:443 92.189.214.236:2222 103.55.67.180:443 90.89.95.158:2222 86.217.250.15:2222 72.68.175.55:2222 86.190.16.164:443 136.244.25.165:443 65.30.139.145:995 73.161.176.218:443 199.83.165.233:443 98.145.23.67:443 84.35.26.14:995 24.64.114.59:3389 50.68.204.71:443 102.46.139.82:993 71.247.10.63:995 149.126.159.106:443 58.162.223.233:443 216.196.245.102:2083 184.155.91.69:443 87.99.116.47:443 81.131.210.167:443 103.141.50.117:995 184.176.154.83:995 92.207.132.174:2222 142.161.27.232:2222 176.142.207.63:443 184.153.132.82:443 108.6.249.139:443 69.133.162.35:443 76.20.42.45:443 139.216.164.122:443 24.206.27.39:443 12.172.173.82:21 77.86.98.236:443 50.68.204.71:993 88.126.94.4:50000 85.245.221.87:2078 190.206.70.80:2222 87.221.197.110:2222 83.7.54.186:443 87.223.91.46:443 78.100.230.10:995 181.164.194.228:443 174.101.111.4:443 75.115.14.189:443 86.225.214.138:2222 58.247.115.126:995 86.96.75.237:2222 105.103.56.28:2078 198.2.51.242:993 174.104.184.149:443 105.103.56.28:990 24.64.114.59:61202 93.24.192.142:20 2.14.82.210:2222 90.116.219.167:2222 76.100.159.250:443 66.191.69.18:995 186.64.67.9:443 50.90.249.161:443 109.150.179.158:2222 92.149.205.238:2222 86.165.15.180:2222 41.44.19.36:995 78.17.157.5:443 173.18.126.3:443 75.99.125.235:2222 172.90.139.138:2222 27.99.45.237:2222 91.68.227.219:443 12.172.173.82:993 103.144.201.62:2078 12.172.173.82:990 173.239.94.212:443 91.169.12.198:32100 24.64.114.59:2222 74.66.134.24:443 93.164.248.234:443 83.92.85.93:443 78.69.251.252:2222 190.134.138.61:443 2.99.47.198:2222 73.223.248.31:443 12.172.173.82:995 94.63.65.146:443 80.13.179.151:2222 70.120.228.205:2083 216.196.245.102:2078 31.167.254.199:995 89.129.109.27:2222 69.119.123.159:2222 91.254.230.18:443 64.121.161.102:443 38.166.242.12:2087 12.172.173.82:465 75.143.236.149:443 81.229.117.95:2222 74.92.243.113:50000 183.82.100.110:2222 75.98.154.19:443 193.154.202.210:443 121.122.99.223:995 70.115.104.126:995 213.67.255.57:2222 213.91.235.146:443 37.14.229.220:2222 76.80.180.154:995 62.31.130.138:465 89.115.196.99:443 2.83.12.243:443 85.152.152.46:443 188.48.123.229:995 90.104.22.28:2222 201.210.107.223:993 47.41.154.250:443 50.68.204.71:995 84.215.202.22:443 85.241.180.94:443 92.189.214.236:2222 103.55.67.180:443 90.89.95.158:2222 86.217.250.15:2222 72.68.175.55:2222 86.190.16.164:443 136.244.25.165:443 65.30.139.145:995 73.161.176.218:443 199.83.165.233:443 98.145.23.67:443 84.35.26.14:995 24.64.114.59:3389 50.68.204.71:443 102.46.139.82:993 71.247.10.63:995 149.126.159.106:443 58.162.223.233:443 216.196.245.102:2083 184.155.91.69:443 87.99.116.47:443 81.131.210.167:443 103.141.50.117:995 184.176.154.83:995 92.207.132.174:2222 142.161.27.232:2222 176.142.207.63:443 184.153.132.82:443 108.6.249.139:443 69.133.162.35:443 76.20.42.45:443 139.216.164.122:443 24.206.27.39:443 12.172.173.82:21 77.86.98.236:443 50.68.204.71:993 88.126.94.4:50000 85.245.221.87:2078 190.206.70.80:2222 87.221.197.110:2222 83.7.54.186:443 87.223.91.46:443 78.100.230.10:995 181.164.194.228:443 174.101.111.4:443 75.115.14.189:443 86.225.214.138:2222 58.247.115.126:995 86.96.75.237:2222 105.103.56.28:2078 198.2.51.242:993 174.104.184.149:443 105.103.56.28:990 24.64.114.59:61202 93.24.192.142:20 2.14.82.210:2222 90.116.219.167:2222
Attributes	salt SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  HG.lnk
- Size
  
  1KB
- MD5
  
  fbb437f912ab97ae5f0fdc6cc76c8fef
- SHA1
  
  a179f76893355a8ff05bc7f3576fa1f5b9194982
- SHA256
  
  36a24720c23d86511b2855440082c28f695e12f55327efef3e97142cfe80a54c
- SHA512
  
  984f7abbde02ce5d491e8abb20dbb06ecbb8583437e3e5c2f5cc91798d8c8bb8d51a5f4f52edcfe7c11e74997cb51efc296b0f634f5f65589c5278a47cc323da
Score

10^/10

qakbot bb09 1670238005 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  discoveries/dispersers.cmd
- Size
  
  291B
- MD5
  
  0113de80cf8c28384998b91527148ca4
- SHA1
  
  24a2564b57b49dcf65402a776422173aa8b2b86a
- SHA256
  
  feb1857e7ce32fbee82dfa8a0f4d53deed9a7ea841122cd4a8c84c5d43c61439
- SHA512
  
  eefb2612b57921bbc8fcf80ae7ceb61844f2a509d03e3e19a02d9736dd63f5d1bde735c552e990d5332e874d8394ed442fb1c94fb13dc17eba172de96c63e007
Score

1^/10
behavioral3 behavioral4
- Target
  
  discoveries/erect.tmp
- Size
  
  667KB
- MD5
  
  e8d95feadab525fb0d43b040a02e05ab
- SHA1
  
  1e22feca8821afccc712455b6bce10dfdc95728a
- SHA256
  
  c6887e515b36694e8e738c0df7610014e084bcce80ee13c998087471daf039a4
- SHA512
  
  f154e2e188fd96e3a20c713a07f3afed35e96810e8810616b1bb86ee1677d9ceb4eaae0a9b52066442e04c489e6395b59f642bf83976b4c68caea0c5b9bd6b9d
- SSDEEP
  
  6144:JxE9vbMKBWrQXhjXNkXWaw0SeUK/SZmtoLOAuUW4xSY2H6+5tjesNMjuX+yM3H59:nV6Wrg9NqGcUKajSYu5tjz5niH9km
Score

1^/10
behavioral5 behavioral6
- Target
  
  discoveries/pests.cmd
- Size
  
  225B
- MD5
  
  54a0471de5cf99c55984b4574f580c6c
- SHA1
  
  c73c4f2bcf3d3efbe8129fdee3d51f3a30418fc0
- SHA256
  
  1f4a42651773cbef4b463ea466b760b1fafa24eaa629743152090e9f102884c4
- SHA512
  
  2ccde80ce8cd872b4b74e4a715da70e58d4cdb00890f43467de3312ce6e4513da5256c1b89fc56ffeadbedab322ae06ac23aa568b570698355e86135dccf815c
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8