General

  • Target

    QakBot-29.10.2022.zip

  • Size

    352KB

  • Sample

    241210-mxqxrsymdm

  • MD5

    27a3a1302720cc6d2ef36a1243caf8ee

  • SHA1

    ef2db9ce473647e736ece3ebe6ccd289f68dc0d6

  • SHA256

    e7c797dfae57a694228afadcb50c8364dad97ff988528ff88f5042c4ccebfd76

  • SHA512

    aa777139c2f09343987b95b33878cbc88a512a7f734a8f3397075d9bffa3e47aa84ea3dfd7e5330b7fc5aad7a87858ee151d41a9b6b156381df46ed6161f54d1

  • SSDEEP

    6144:uP9ZT/oyBUwU4W1F8LxQz5ZnZ1P8pd65lGjYjYC8qi5icBUggkRLeTdIF:EZbbD8omz5ZnZVVGjYjEKhgxV6Q

Malware Config

Extracted

Family

qakbot

Version

403.1051

Botnet

BB04

Campaign

1666690935

C2


Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

    • Target

      VV.lnk

    • Size

      1KB

    • MD5

      dd78eaba9cfff2ef3c12209ec96799d9

    • SHA1

      11ceaf7dd36ada07a949d7d1ce7329225bb57eda

    • SHA256

      025995aaf8dfe40a74123f41cde7bedb4294786421fc49fc34e83c77c2202b3e

    • SHA512

      0a3b93f2aca82ae83e3125514f42d42ccd95387f73a2b659250b0699c86cc547cc48cd7bd79601d6127f402e49fedb8cdc689bfcaa0dcd0f58d63907b8276f2f

    • Qakbot family

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      transitoriness/staccatos.cmd

    • Size

      629B

    • MD5

      9e812ca817b5fc3d4872417f1ac0a700

    • SHA1

      3731f19b9db2aab8f52336e284a4f4fa870ba26f

    • SHA256

      2ed71eb0bb12b209633b184873fea4b714c1cd7ae47a323a8b75a6ea17123d4e

    • SHA512

      34322116457daa96008aec6d3e9c8130a696529ec8502a5418e065c7a43f0510507c2e2017b4c7f4934b00234562977caf03b12f6a9b7f25b4095c9b16e0327c

    • Score

      1/10

    • Target

      transitoriness/undried.dat

    • Size

      548KB

    • MD5

      6fa911212cf5fcbd3394cc6c050a4dfa

    • SHA1

      28cd9ba5de976632c7e8ab7bee42dfade8638600

    • SHA256

      e55547a4309ecf5b1b904894962e5465135bee4b0b51a0eec4d27840a8755a65

    • SHA512

      0c549d17b71667c7597802c1c2caa53cfe38210ef75f2ef31df250ef1276db8c5a234de4ae255c3744bdad051dd43cfb7292cdf0ecc8ce319ad18b0d4fbd608d

    • SSDEEP

      6144:MNNoyulCPqzAzdZAp0A0YEfPCAOYlUAkr99pY8pC6un/7CXQhd5tuolTvBY+YPFE:WICPFBdAA62kRBY6un/7CXQBxOFELZ

MITRE ATT&CK Enterprise v15