qakbot | c0bf77decc25fb72ba050cf18db2c20da2288199d77f132a195706712c3de68f

General

Target

Contract1841.iso
Size

698KB
Sample

221020-16b2vsggdj
MD5

4df8b6ff0e8cb83928ddfb93962a2973
SHA1

d074e05c41913a18b17ef9d841e6602328b291f3
SHA256

c0bf77decc25fb72ba050cf18db2c20da2288199d77f132a195706712c3de68f
SHA512

6482b4f0e58e26f3a35a217fed6e194a6bdde419a9cbe9d5df2ea9e7d7f6bf2cca214b2d6924fdd1531b89ab52b02fbee7c0701a181f82706b06156fe43dbe4b
SSDEEP

12288:05zUU6VCu0L4yCLtaNExGapWYKv38dy9XRHPh3M4B90U6Zt:iQhVCPnCoApOv3q2hxM4BKZ

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.1051

Botnet

BB04

Campaign

1666265103

C2

102.156.82.38:995

152.170.17.136:443

216.131.22.236:995

70.173.248.13:443

14.246.151.175:443

160.179.32.101:995

118.175.242.26:995

186.188.80.202:443

41.69.181.145:443

156.220.14.160:993

201.68.209.47:32101

206.1.172.1:443

156.217.185.90:995

190.74.4.20:443

217.78.49.161:443

154.181.199.80:995

200.233.108.153:993

175.205.2.54:443

198.2.51.242:993

181.164.194.228:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Contract.lnk
- Size
  
  1KB
- MD5
  
  ad079ab2d276ebb2d1fd21c312470961
- SHA1
  
  d0df3afa594bfecfcf11cb93c2847462d6a1d661
- SHA256
  
  2525a45f8cd187363a9de42cbf14bc00c6d77ddb28246169a1dfa01a89cd9a9c
- SHA512
  
  14e5f59fddb33efa78b698e31706b9125c135f545c78ed6977f3bb571cd059f5b4e723ccf7ab1f1444a4dc68cef825094e33449cc2c49f4526d4c89765215493
Score

10^/10

qakbot bb04 1666265103 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  liveried/sufferer.ssd
- Size
  
  635KB
- MD5
  
  93abfce1ae568066c23b308f58e1c42c
- SHA1
  
  89d62453e3c9672171107246828667195852213a
- SHA256
  
  72a39e72f4034223b2f51411424333bbf88f9e60cdb91494281eefa006416928
- SHA512
  
  e7906b73155c861697a6aaf121b4238f574b6c4535614a0fc0e6c90e9513988733e4748988c013bbf9440d49a2c6eaf246df7bb0df19d21204f99ae7f448d424
- SSDEEP
  
  12288:Z5zUU6VCu0L4yCLtaNExGapWYKv38dy9XRHPh3M4B90U6Zt:fQhVCPnCoApOv3q2hxM4BKZ
Score

10^/10

qakbot bb04 1666265103 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  liveried/waddling.cmd
- Size
  
  531B
- MD5
  
  84384a97a48d9912f857c615c979e012
- SHA1
  
  9312c34512827071b67cc2d446c803866bbc73f1
- SHA256
  
  b9be36314f1018d01251c8a9747721b185c2db13a4ae16103c3be7fa43e947bd
- SHA512
  
  4dc7fb7376253b0c6cf070acb1f9ad0f16f0fc743ce7dc49a21a49fe65a66de319911cc1996c7df4b28c3956faacfc6dec5a80a17c0bbf90c9c2cdee8535f568
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6