Resubmissions

09-12-2022 15:07

221209-shr46sgc6z 1

09-12-2022 07:44

221209-jk35safe7s 10

General

  • Target

    11168 Dec 01.vhd

  • Size

    80.0MB

  • Sample

    221209-jk35safe7s

  • MD5

    fad5b3b56d309a1d8ebea42e81937ac3

  • SHA1

    10a641e98273e1a9e74e7f7a08d1b83b7bfdf70b

  • SHA256

    74f9023b2e303fd7e7f11c9988115579add15c40a6ed07b9bf67182bc02918eb

  • SHA512

    c1a18e5d5bd4a5d1ff18092ef190e119500b27d325a86cda50d228aea266f2dcc37af6b3b02c3c2978e34c02a73e184a52e1a4fdc2fa2d896c73cf8e2db0d0d2

  • SSDEEP

    12288:MSUUEfo5I6/o2qgkpUdc9Msme0CWUdOWk4F:MSTiWDvL8Rme0C0Wk4

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama224

Campaign

1669794048

C2

Attributes

  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      11168 Dec 01.lnk

    • Size

      953B

    • MD5

      e5952ccc482f8032a5e3f84427729eee

    • SHA1

      39abf92ecdff3c0a3c695c79d092c923f653ed5b

    • SHA256

      0dc3452bd7277348c075df555f55e2aebfee4a40567d0d85cfa190a878cb2332

    • SHA512

      8799a56941e98fb614c785bdac3e0c4fdf34521e9d4e6c5bb639c6a9fc638da87c580bfd742bf5ebf532bd5b9508bad371b476832e8b6dd3b291ceb3181333ec

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      194.dll

    • Size

      600KB

    • MD5

      4921489da5dabe49feb8b1d4951e4e8a

    • SHA1

      29c6a5278101828ff9ec9b4cb65b47509715c8ef

    • SHA256

      1b786901f5ade0d0b869c545170270a94999f3f925a0029f3fe6308a803d66bf

    • SHA512

      f550f4453e093cadcf5d00492132cb168b82c5e182c6e11d48e1103908b609e4c284d9faefa4af407478629d59fd26332269d161a7a57d04142491abbfb3d3b5

    • SSDEEP

      12288:QSUUEfo5I6/o2qgkpUdc9Msme0CWUdOWk4F:QSTiWDvL8Rme0C0Wk4

    • Score

      1/10

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    Query Registry: T1012 (1)

    System Information Discovery: T1082 (2)

Tasks