qakbot | ef94bb7e0c7a9bfe01c9796cb220cc49d030eb5db576bfae10ec6834b46906f1

General

Target

Original8114.iso
Size

634KB
Sample

221019-maabhafca3
MD5

05eb438250e14d73bdf813c52712f2cd
SHA1

238b3d34c46c3e9c4d7b5bff6a4b229861a6384d
SHA256

ef94bb7e0c7a9bfe01c9796cb220cc49d030eb5db576bfae10ec6834b46906f1
SHA512

3ef2cd0d490f5eb1edb482a7b3b74423cc29ebfc8ff0aa379c2709e1d93dbc7018f35be4393bd98a4a9c931e68e68fc627067d002f0ff07d4075adc5887bc018
SSDEEP

12288:JptV8uc0KS9gpC1GIlv9PmgfKP1KJqVr:JpI2Krp9I+TYJqVr

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.973

Botnet

BB03

Campaign

1666073717

C2

190.199.99.171:993

41.69.192.245:443

167.58.254.85:443

206.1.172.1:443

5.163.177.234:443

134.35.0.103:443

105.96.221.136:443

41.101.100.7:443

186.177.93.18:2222

78.179.135.247:443

177.205.74.14:2222

102.47.218.41:443

102.156.149.226:443

41.250.48.206:443

41.107.58.251:443

187.198.16.39:443

193.201.187.64:443

41.102.134.89:443

102.159.77.134:995

105.159.49.123:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Originals.lnk
- Size
  
  1KB
- MD5
  
  87cd74c4fb559ddf0461032d721f809f
- SHA1
  
  ec701d1d2560f96bc20f840db9286a3fd3d1052b
- SHA256
  
  e9652674f97912776b6ef13245fd09fa511c6507fd8bfec50f8414ce999af4d6
- SHA512
  
  1804a3f99ee1d9f60e3e41bfa2261566075183b42f5f6136e8aa02bc90cfd40ffd7143cf4ee3cf63fe132efeeeb6c85876c087f00eda751104d8adeac1d5c5d3
Score

10^/10

qakbot bb03 1666073717 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  carcasses/permissibility.des
- Size
  
  561KB
- MD5
  
  002699ac06452ddb5f5a24612d902c3a
- SHA1
  
  b35a7d12539d8ca3d23e75c934f539473ced5486
- SHA256
  
  043cbd1fff30490d3eff62325d90f86f1758d3312b146f1b562c487bcc093955
- SHA512
  
  f1fa9c5489a9eed7de1e4482402fe677cd356613b4b26a4c5fada05fe07324ad4544403325eb8c3125350952edbe0b1ac5fead1456dfe5518b9abc7aebe2561c
- SSDEEP
  
  6144:ypIe6W8uc0KxlK9gpC1d88LKXuAOkuL9P5Qt6frqLwYzbn4NKToC2HD9qFmq:yptV8uc0KS9gpC1GIlv9PmgfKP1KJq
Score

10^/10

qakbot bb03 1666073717 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  carcasses/renovates.cmd
- Size
  
  423B
- MD5
  
  b2b17cc72ef7a7d0fb7279cfb69fc789
- SHA1
  
  872bdca781847abeb186993313f9fbf69989e28f
- SHA256
  
  9b3a8e592859342e0a2b3b340551e7083708a53a109a005fe49e5497c16283b1
- SHA512
  
  342a42f5edf069b74cf03736332ea6b43921dbf09692259f4658c291d373fc4e8bf656c98956e58e7fbb9911882edd471bf2f83a1fee319afcd07051e81a0a85
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6