qakbot | 5517f176fbd908ab99f0afe8980ce9e118cf89ba982dde9d403f47e9c5f4a8b8

Sharing

Copy URL

Twitter E-mail

General

Target

TE04.7z
Size

329KB
Sample

221207-hjs3radd85
MD5

d3c13daff201f55c94bee220135ee954
SHA1

0e2714430b60be38535cb5173442fb57ade8ad9b
SHA256

5517f176fbd908ab99f0afe8980ce9e118cf89ba982dde9d403f47e9c5f4a8b8
SHA512

4f339ae35b0df5a5c89b55ea3293608fb8d20f41155f35d38b96f9d4cfcb1a15d1d522869d9d17e17d2ae4149aaa4e271d5076968476322ee38997b35db29cbe
SSDEEP

6144:JsGzvEGQfiZutWrBAJK8opx40UeQNWLO4bPmfSb184af/6gOv:iGDQK46q0CNWLpjmc18dqv

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama226

Campaign

1670237875

76.100.159.250:443

66.191.69.18:995

186.64.67.9:443

50.90.249.161:443

109.150.179.158:2222

92.149.205.238:2222

86.165.15.180:2222

41.44.19.36:995

78.17.157.5:443

173.18.126.3:443

75.99.125.235:2222

172.90.139.138:2222

27.99.45.237:2222

91.68.227.219:443

12.172.173.82:993

103.144.201.62:2078

12.172.173.82:990

173.239.94.212:443

91.169.12.198:32100

24.64.114.59:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  TE04/Ref.lnk
- Size
  
  1KB
- MD5
  
  3c83e782ba4793d7b194af3d5b7f9981
- SHA1
  
  d33e0832cfc74f84348df11696110568d0b408de
- SHA256
  
  825f3a95e993738244d73871122e8763e4c676193151e560f5cc6f9a188167de
- SHA512
  
  64119134a80b0374232c2b47e6b8902dac55bec0d4648db7f26b8a7a706355d0c831e88fe243743dc34f466103c602155147ffb52c5096d30aaf97fe9e5f2c65
Score

10^/10

qakbot obama226 1670237875 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  TE04/syndrome/destructionist.cmd
- Size
  
  203B
- MD5
  
  4ab1a6ff3cfb1eb30f63bfc37350bf93
- SHA1
  
  c311091263a9e245ec26db0a2faa349e069e6676
- SHA256
  
  56e216d8e523b5836af40bb97f4284dbf32f9b7ffd27215d203da4867478f02b
- SHA512
  
  015dacaa62f167e36102fc9106c684f31d5a24a70afcbb77952e290ce8d25eee058adebffd389d9d41e3c5a6f1f0ff8bf17554e14c8b80655f3c26f42abe2249
Score

1^/10
behavioral3 behavioral4
- Target
  
  TE04/syndrome/dicta.tmp
- Size
  
  596KB
- MD5
  
  98b6b7eb3a0d889bdfd24130e72e8afd
- SHA1
  
  46be771ff368e840160bd5e03a45ec93d8fbc3ee
- SHA256
  
  bf3915a0a3e128b90d5f3c3173c4310e71d458d778d3bb7b9695c18892256120
- SHA512
  
  b36b8089b59390e3d39e10cedc28c485c317e4df3d01f669e56e817e1b3fb1fb069417c8e9e0022824fc74208b5bee727ad9441d0c5656f43cd3cc93789f67c2
- SSDEEP
  
  12288:4n8J739YoRmwZBY9bk8OlBf07A4QDXSAIdQFFF7:481FR7tVlDXScn
Score

3^/10
behavioral5 behavioral6
- Target
  
  TE04/syndrome/dracula.cmd
- Size
  
  308B
- MD5
  
  7f099ddafbff736bfda8eef8365f20ce
- SHA1
  
  6474123573496ae56747e8df01b21fe00043289b
- SHA256
  
  05cf835776fba30791b155a9bdfdb3bc245d3283bf6b844838a8a6938c94aec7
- SHA512
  
  2a356d3286f32ffdb025b81f871ffef87f65433ed60cced557921a634f9fd1b7fd0ffa05bec9ed46e9ebb000a34c0f69be6954e4ca9f849ca291a5f8c5b181f6
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8