qakbot | 5ffd1c2cf286a7cc5d1914e6ccf8d8b5b5a65c5a7fc2af9af54106ca5a09918e

General

Target

Original1288.iso
Size

634KB
Sample

221019-r4vxhscca7
MD5

cd02584f3cf68cb879bac9557f3d74c9
SHA1

4b8e6787d0a664e1721da79c2697be61aa9d419e
SHA256

5ffd1c2cf286a7cc5d1914e6ccf8d8b5b5a65c5a7fc2af9af54106ca5a09918e
SHA512

fec126232f4d8caae911c257bd6de12f77cfef5c5249cca52a167fc221518a3cc31731f7f78c45566323aec454006b341956ac5cc2a112095989e9facd7dd9db
SSDEEP

12288:4rXptV8uc0KS9gpC1GIpv9PmgfKP1KJq:4rXpI2Krp9IyTYJq

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.973

Botnet

BB03

Campaign

1666073717

C2

190.199.99.171:993

41.69.192.245:443

167.58.254.85:443

206.1.172.1:443

5.163.177.234:443

134.35.0.103:443

105.96.221.136:443

41.101.100.7:443

186.177.93.18:2222

78.179.135.247:443

177.205.74.14:2222

102.47.218.41:443

102.156.149.226:443

41.250.48.206:443

41.107.58.251:443

187.198.16.39:443

193.201.187.64:443

41.102.134.89:443

102.159.77.134:995

105.159.49.123:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Originals.lnk
- Size
  
  1KB
- MD5
  
  8c074a8ba5ea426a79034dbc3e1cc482
- SHA1
  
  a0d695453a0b54c2117d08ecc38109718850e72b
- SHA256
  
  2f8c61ba1e75207223adefa39624ad0df9a1578c3d7ee713865d18c2f8dc0e1a
- SHA512
  
  55db273787c42177f9aacfe63f1f383be55ff0434c577aaf0451ac3541e5b19d73db8b00a7de2166e931af7fb8a37296b575b375793092481a4e687ac122caf8
Score

10^/10

qakbot bb03 1666073717 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  carcasses/bassoon.cmd
- Size
  
  366B
- MD5
  
  d8b962a7b8d1ddbccc2969f3bb0327e5
- SHA1
  
  a039b25a746ab80217581cb35947a4e2768dc7bf
- SHA256
  
  d7ed8d313f67c7b85ebd2baff82d633ab5d7cc9da8196edf6973729576be45d4
- SHA512
  
  e4c8a2d29255fd85be63facc7ad5c15e013d649613c8a301f96bd11f3c2521733293ee4fe85e7766c1598b0b1fd13f3669fc18c0b2e41dbddc3294a2cd4ee258
Score

1^/10
behavioral3 behavioral4
- Target
  
  carcasses/unextradited.des
- Size
  
  561KB
- MD5
  
  c0a85dc1b26d37e9811a9c29595d2a6d
- SHA1
  
  6c742e64f6ce3533143a453eb67f714a33a41e5c
- SHA256
  
  78ea0528d1ffe2591a69bb0a637fc234096fa29b55652c2490c571a845fa8801
- SHA512
  
  7ad5653ef71a096b2ff568868514d2f176851dea551b5b0341ba090a15caf919dc75a89f2488c720ee82e1815c3139c369e953ea28b467d6e69b4d39a8069842
- SSDEEP
  
  6144:ypIe6W8uc0KxlK9gpC1d88LKXWAOkuL9P5Qt6frqLwYzbn4NKToC2HD9qFmq:yptV8uc0KS9gpC1GIpv9PmgfKP1KJq
Score

10^/10

qakbot bb03 1666073717 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6