qakbot | 6b5cbe2f06bd326c2dd884c2852771d1a4a37e8a5e915301ff06e37b0fed8f02 | Triage

Resubmissions

08-10-2022 18:34

221008-w78d8sfbg6 10

08-10-2022 17:40

221008-v831gafbb5 1

Sharing

General

Target

c625a4b7-29ac-449e-a26c-3c23e734b6f0.html
Size

902KB
Sample

221008-w78d8sfbg6
MD5

ccac45f1b5f6ed78c79e9664cf94061c
SHA1

4002f24d14241e295e60eb84e9fb1c8f44d2e1e7
SHA256

6b5cbe2f06bd326c2dd884c2852771d1a4a37e8a5e915301ff06e37b0fed8f02
SHA512

b8b38413c400b02dd739dfd3871d8ea92ecbf7e9dfdbd9e56fc1d09262fa1b08017d3d8a4722e10166b549e80a74d5fc9a748dfd068bac93fb1927b58f5048c6
SSDEEP

12288:wv7zjoA2MUv/EAAs0W6D3LjpDepyVYDUNPKfTMNVU37CCJE6sq26:ez0/BHFAsS/ZebUlKfT0oWp6

Score

10^/10

qakbot banker persistence stealer trojan

Malware Config

Extracted

Family

qakbot

C2

156.36.22.250:12263

73.225.210.175:40922

19.138.81.187:38748

191.101.43.136:10968

145.20.244.169:39814

74.30.254.35:15530

138.94.26.23:49965

218.175.98.133:15428

181.245.40.43:1982

24.10.174.212:30807

253.219.195.173:1546

51.182.7.163:21304

191.68.117.56:28754

246.29.132.217:16625

149.181.112.217:33637

136.20.21.112:41199

80.65.15.199:35765

0.222.227.111:63041

209.240.1.52:53226

66.57.60.202:19263

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  c625a4b7-29ac-449e-a26c-3c23e734b6f0.html
- Size
  
  902KB
- MD5
  
  ccac45f1b5f6ed78c79e9664cf94061c
- SHA1
  
  4002f24d14241e295e60eb84e9fb1c8f44d2e1e7
- SHA256
  
  6b5cbe2f06bd326c2dd884c2852771d1a4a37e8a5e915301ff06e37b0fed8f02
- SHA512
  
  b8b38413c400b02dd739dfd3871d8ea92ecbf7e9dfdbd9e56fc1d09262fa1b08017d3d8a4722e10166b549e80a74d5fc9a748dfd068bac93fb1927b58f5048c6
- SSDEEP
  
  12288:wv7zjoA2MUv/EAAs0W6D3LjpDepyVYDUNPKfTMNVU37CCJE6sq26:ez0/BHFAsS/ZebUlKfT0oWp6
Score

10^/10

qakbot banker persistence stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotbankerpersistencestealertrojan