qakbot | 2fb300fa54859ae9d0e55a6db8908d18da513c93d6e34f01d092a6a436e448c6

General

Target

RA74.vhd
Size

2.0MB
Sample

221207-wygj6aaf81
MD5

3707e9c771a974506b056b49b27c846b
SHA1

bc62236678a714cbb2ceabefc527349e9b729d45
SHA256

2fb300fa54859ae9d0e55a6db8908d18da513c93d6e34f01d092a6a436e448c6
SHA512

26a8a491e952b60777fee9d161317b70e650da4df30f060c5c457f6196afb84d22b68b14634134ba2f9834fadf930d0b34598d4b8abde900aa7b596a6d430601
SSDEEP

12288:tbqRwzJRwK5n8S739YoRmwZBY9bk8OlBf07A4QDXSAIdQFFF7:tbqSzJRwK58+FR7tVlDXScn

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama226

Campaign

1670237875

C2

76.100.159.250:443

66.191.69.18:995

186.64.67.9:443

50.90.249.161:443

109.150.179.158:2222

92.149.205.238:2222

86.165.15.180:2222

41.44.19.36:995

78.17.157.5:443

173.18.126.3:443

75.99.125.235:2222

172.90.139.138:2222

27.99.45.237:2222

91.68.227.219:443

12.172.173.82:993

103.144.201.62:2078

12.172.173.82:990

173.239.94.212:443

91.169.12.198:32100

24.64.114.59:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Ref.lnk
- Size
  
  1KB
- MD5
  
  3b15d9136dea320ca9439e9bcbd9cf07
- SHA1
  
  723642ab63a9deb3de4f321f084b810ba3e35785
- SHA256
  
  bdc4330217f2bf929d3a6e26961da921c138cbd6c0a71b03ddf5bbd30fe5a8e9
- SHA512
  
  a569731a3f1e0bb791da7443991703d975f596ff9868c838c26555ef2b53d759a00a68961daa58d25d86d5f1a8b719f424e5566924df9f93566b0fbb0ed8d75e
Score

10^/10

qakbot obama226 1670237875 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  buyer/actualities.cmd
- Size
  
  296B
- MD5
  
  5eac8c4a67043405038fe2c7968a8107
- SHA1
  
  4873948a0d13dbb8e72dbebf36659f3fc03a82c0
- SHA256
  
  a68efde0a96c7066dcdfa1557584927fe03be98266c31e70b05caffb5e319080
- SHA512
  
  707c124e66e85a43dbb60927a36c799345a3fa882e18d4bc5b07078a7c0c0990576f9cea35ee61d7e60287561e9591a849aad9ab871437fca0c4ebc21e38a76d
Score

1^/10
behavioral3 behavioral4
- Target
  
  buyer/mobbed.tmp
- Size
  
  596KB
- MD5
  
  54edac83f5458ce5be9a1f3f02f422e5
- SHA1
  
  db4667d4430e6082eb371b3be50e3cce09d762b7
- SHA256
  
  6b5f03f1e1ecbf54ddacf8527f332d76ab57d0f65088b0129d408e944272c806
- SHA512
  
  2701745b7f60dcf0dda9f7dd862fb19e8a86f4f2a1e74c7e381483714bb08ff620a4c74d4f3065c1dc4f997e038a16223e4bda4e6c36876dd29a131a5a313334
- SSDEEP
  
  12288:4n8S739YoRmwZBY9bk8OlBf07A4QDXSAIdQFFF7:48+FR7tVlDXScn
Score

3^/10
behavioral5 behavioral6
- Target
  
  buyer/persecutes.cmd
- Size
  
  203B
- MD5
  
  3bd1298e6ebe436415c07de1993f1096
- SHA1
  
  c184719a5aa9e11fa7cfe778b3a265e3e81ab91d
- SHA256
  
  f3a559b58df62c9f9dbf19d66bd81d1903831475e40ef8e937ca2ecf66cc0d12
- SHA512
  
  0188233ba4a7d0b50345bd94bd4bd7372ffbc20b17b9f71c59034f6064467b436d5808be5fceb5fd874c60d21449815bb31ea16bba387793cd842ac39eec565b
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8