qakbot | 5596dc2185901d13bbd40991e8dbae21b06d5f5f106d7954739718ac3d412a53

General

Target

Original9968.iso
Size

634KB
Sample

221019-qqwq8aacdr
MD5

eb857f88807119cbabf05c1b22b9fbeb
SHA1

dfd2d5e97331212fa98a676c157b174d9f7abb55
SHA256

5596dc2185901d13bbd40991e8dbae21b06d5f5f106d7954739718ac3d412a53
SHA512

f512fa9fa93a53c3b856fe7f21e374f78c8c93574149c9a96addabf1de2ce6332fddeb1018f0d755d1b8b19e7dff44be805841cd94b8a3f5290fb0291384d3ca
SSDEEP

12288:TptV8uc0KS9gpC1GIqv9PmgfKP1KJqnr:TpI2Krp9ILTYJqnr

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.973

Botnet

BB03

Campaign

1666073717

C2

190.199.99.171:993

41.69.192.245:443

167.58.254.85:443

206.1.172.1:443

5.163.177.234:443

134.35.0.103:443

105.96.221.136:443

41.101.100.7:443

186.177.93.18:2222

78.179.135.247:443

177.205.74.14:2222

102.47.218.41:443

102.156.149.226:443

41.250.48.206:443

41.107.58.251:443

187.198.16.39:443

193.201.187.64:443

41.102.134.89:443

102.159.77.134:995

105.159.49.123:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Originals.lnk
- Size
  
  1KB
- MD5
  
  5b20c4ff2f74fb557d2b6dc004285231
- SHA1
  
  ed30fd4d056500060e467898c33f7d51e15a451d
- SHA256
  
  88cf6c638b912634731c94007ae470e5ca426ab2ef0d455335f4d17c8cd63e5b
- SHA512
  
  39caac70327860981172054ff7ea62623cc6037bdbde6de4568bfa9046136e382e8685c2c4fcdf6435168f2e6de9cf03b8dab09d9765265abe29e27bf8b3a52d
Score

10^/10

qakbot bb03 1666073717 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  carcasses/full.des
- Size
  
  561KB
- MD5
  
  780c8b903eb2f4b57391c3dbe2d8ffa0
- SHA1
  
  c7ef52840015e00ea49e80d7bfe5b52abfcc93ca
- SHA256
  
  9eaa2e60e4285d5a36128ae4df77abb241befed30d3bbfdadc1925277e582c8a
- SHA512
  
  2afdc2364ff110002ae700f488f8e1ab74007887941c9b89aed277354fe1ccd56f8c36199b75b0b3386d66ec11fe4fc9af8a913fdfb6228b003f5415a07002a8
- SSDEEP
  
  6144:ypIe6W8uc0KxlK9gpC1d88LKXpAOkuL9P5Qt6frqLwYzbn4NKToC2HD9qFmq:yptV8uc0KS9gpC1GIqv9PmgfKP1KJq
Score

10^/10

qakbot bb03 1666073717 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  carcasses/imams.cmd
- Size
  
  371B
- MD5
  
  6d0bf2f2e321cbeb8bab405200fbb78c
- SHA1
  
  afc4a5efa9bd3fe9aafeb39824c0ba0bbeaeb826
- SHA256
  
  fa8f76fefefba73d1f5f75210bd8974bd11c11c7ae88eff46315f083e9c68920
- SHA512
  
  3a54c39a0bbc412364bbec554a1802870a103cf2f1495d6ff1f647cbe03371a8e4dacb7a49b41c4459ea4e6aea72ea1e8f9552cef158f770143228d2f2971415
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6