qakbot | 489cc0ce8393870d0c7b01891d56e267cecc2edce79e774af996cdcf4fbda411

General

Target

Original4030.iso
Size

634KB
Sample

221018-vsmzbaggfk
MD5

0605c80ce3da18c57a339730981349a6
SHA1

81d81119a0ccaa1011c9f14f87e4759a0c3cd2c7
SHA256

489cc0ce8393870d0c7b01891d56e267cecc2edce79e774af996cdcf4fbda411
SHA512

5875ae8c97cfe5cdfdf365d16fec29a4aff3153f258beae050049e899f985000277b0bb6502ee7a784812791e9051c9991c593721eb8e366e01ff2b425b4162e
SSDEEP

12288:PptV8uc0KS9gpC1GIBv9PmgfKP1KJqbr:PpI2Krp9IaTYJqbr

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.973

Botnet

BB03

Campaign

1666073717

C2

190.199.99.171:993

41.69.192.245:443

167.58.254.85:443

206.1.172.1:443

5.163.177.234:443

134.35.0.103:443

105.96.221.136:443

41.101.100.7:443

186.177.93.18:2222

78.179.135.247:443

177.205.74.14:2222

102.47.218.41:443

102.156.149.226:443

41.250.48.206:443

41.107.58.251:443

187.198.16.39:443

193.201.187.64:443

41.102.134.89:443

102.159.77.134:995

105.159.49.123:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Originals.lnk
- Size
  
  1KB
- MD5
  
  66a8168164f88a724e0a6b0a34d39842
- SHA1
  
  125017cb152593ecf1a168f785f80bd809ab91af
- SHA256
  
  35a446d6961e2dfac55be5c60713e86172e5746bc984002a6d04747b66578731
- SHA512
  
  8276bc76ce7de48b6116801caeacf35d1dd573f733b7de52d60bb5e9893511381123b0aee2d7927c6c1421ffa35e84802fa665369b0f4c629268484d12aaade9
Score

10^/10

qakbot bb03 1666073717 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  carcasses/peg.des
- Size
  
  561KB
- MD5
  
  955bc30695dd32875e5b1f3c6517b935
- SHA1
  
  9b5c5d21a15a7e66cc897299296d9f05b0d7d1b9
- SHA256
  
  319b660e3224b3c5f9ec19645ef1b05c8c91f70ebe3235d55d4c86f47eccdbbd
- SHA512
  
  24f8c0c97bd40520be5499648967c653ea92a1927f833b8d758788242329fec949aefb36b394ba559becfedf799e0ad07c579ad38d7dfb2b1608def27504471d
- SSDEEP
  
  6144:ypIe6W8uc0KxlK9gpC1d88LKXeAOkuL9P5Qt6frqLwYzbn4NKToC2HD9qFmq:yptV8uc0KS9gpC1GIBv9PmgfKP1KJq
Score

10^/10

qakbot bb03 1666073717 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  carcasses/virtuosity.cmd
- Size
  
  402B
- MD5
  
  f7494e15a823df4497d98e875709aa46
- SHA1
  
  4b292cab5508d8a0c3a6f5b005031e292ba54f19
- SHA256
  
  a4cfc0f90711d94416229c3ab08e541d0eff351e00af393a5ad994a21c0e50b9
- SHA512
  
  ce2dc897dd3418bef5b2e0591a25a1b1e4b6962f9351144e0774e2d932466fd9e3ad261c5b6af4819d52c62c1024f94e78c6c2333be03c2b62609387ad821bb2
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6