qakbot | 4bc097d307957ce960dba3cadc09c3d28f634369a2bda89f8d22f71dea39f978

General

Target

Cancellation#N26.iso
Size

102.7MB
Sample

221230-s721nsfh38
MD5

2c2a4c5faf82644f204beb7e66b59249
SHA1

f3b6bf8da0c0c00d2658eabde7f87396b7864f11
SHA256

4bc097d307957ce960dba3cadc09c3d28f634369a2bda89f8d22f71dea39f978
SHA512

1e8cffaeba5a6f2d525eafbeebcfeeee398ac7bc14f9e754dcf2015b232915c19df0f30cccc4fa2a3a473674b39443d1f23489e061ff08038666e44914215a9a
SSDEEP

24576:D9UiBqyTIUgN/nNEkcPHHHHYwgBHp8wOHeHwwHyCcPg:D9UiFPHHHHYwgBHp8wOHeHwwHZcPg

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.62

Botnet

obama233

Campaign

1671781480

C2

51.199.123.42:443

213.67.255.57:2222

70.51.134.110:2222

116.74.162.173:443

206.166.209.170:2222

193.154.124.4:443

65.30.139.145:995

92.189.214.236:2222

73.29.92.128:443

188.52.183.146:995

175.139.207.179:2222

190.78.77.15:993

162.248.14.107:443

184.153.132.82:443

199.83.165.233:443

12.172.173.82:995

12.172.173.82:50001

37.15.128.31:2222

178.142.126.181:443

176.142.207.63:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Cancellation#N26.iso
- Size
  
  102.7MB
- MD5
  
  2c2a4c5faf82644f204beb7e66b59249
- SHA1
  
  f3b6bf8da0c0c00d2658eabde7f87396b7864f11
- SHA256
  
  4bc097d307957ce960dba3cadc09c3d28f634369a2bda89f8d22f71dea39f978
- SHA512
  
  1e8cffaeba5a6f2d525eafbeebcfeeee398ac7bc14f9e754dcf2015b232915c19df0f30cccc4fa2a3a473674b39443d1f23489e061ff08038666e44914215a9a
- SSDEEP
  
  24576:D9UiBqyTIUgN/nNEkcPHHHHYwgBHp8wOHeHwwHyCcPg:D9UiFPHHHHYwgBHp8wOHeHwwHZcPg
Score

3^/10
behavioral1 behavioral2
- Target
  
  Cancellation-N26.wsf
- Size
  
  487B
- MD5
  
  1eb424ed65c282df367169d2c95f5e64
- SHA1
  
  ec82152577fd11be15c5a658077fe169d329d883
- SHA256
  
  86a065377605b5cd585054a42468517cb4e4b89c5d60a4beb732bb7b903dd158
- SHA512
  
  240c7c409cdb4b33e0a7c86bc92a66a443c1ff0c2d787935b6c8ee2af72dff76dbd94aa2696324f8230fac9a5fe8883974cbc495b95da2c4e28974cda1476cad
Score

10^/10

qakbot obama233 1671781480 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4