qakbot | 341a087bc0f591b320d6c002e9eedd835310eaaf70c0151506c70c1120a237df

General

Target

Original4493.iso
Size

634KB
Sample

221020-q2grfafhbr
MD5

98bd2b2e6e61bca750754aa0d39223a4
SHA1

4c2afb2d328210d406474a81dd44b1e5a8694ef5
SHA256

341a087bc0f591b320d6c002e9eedd835310eaaf70c0151506c70c1120a237df
SHA512

a1a5a0c57575e6dbd14535f51945ecc068a23f10ffd90747441f87596a030c6c0d54007ef2b964777c940b2adb224a9a235f5a326ed963408eac72d0fe1d9494
SSDEEP

12288:AptV8uc0KS9gpC1GI4v9PmgfKP1KJqbr:ApI2Krp9I1TYJqbr

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.973

Botnet

BB03

Campaign

1666073717

C2

190.199.99.171:993

41.69.192.245:443

167.58.254.85:443

206.1.172.1:443

5.163.177.234:443

134.35.0.103:443

105.96.221.136:443

41.101.100.7:443

186.177.93.18:2222

78.179.135.247:443

177.205.74.14:2222

102.47.218.41:443

102.156.149.226:443

41.250.48.206:443

41.107.58.251:443

187.198.16.39:443

193.201.187.64:443

41.102.134.89:443

102.159.77.134:995

105.159.49.123:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Originals.lnk
- Size
  
  1KB
- MD5
  
  90af1b34486a977c3d31d28bdc24026a
- SHA1
  
  c660ed19958c995519904e0643f10d5563e84042
- SHA256
  
  876b9f2a470619a165b5909bcbf50d8395ea527352f16d027df056207e70ebf2
- SHA512
  
  d97e5837df81ebd6b1ffaf2f2ac04f65073af0edee992192db43e5512dc25e8f4027d4e43f3fc4ee5eb3e5e37ff632bd1e4c363463a0c788222424738afddc4c
Score

10^/10

qakbot bb03 1666073717 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  carcasses/muddler.cmd
- Size
  
  373B
- MD5
  
  a4a9896e51764a66ad5d36371f9dbb3f
- SHA1
  
  b83cabf5894ff9d6057df901badae8ec11307063
- SHA256
  
  c19108eab59c349eca9e96ccaa3c5fbb2c9af867a2844f15d01ddc1e167976b1
- SHA512
  
  ee6abe345bf985a441d4df0b071231d522395ee89172bff06dab44984df9b00f478bc8b11c05ec7982d9b7c8484f9fdac138f561acd0820a913633110ab56024
Score

1^/10
behavioral3 behavioral4
- Target
  
  carcasses/relocated.des
- Size
  
  561KB
- MD5
  
  eb56bb9ae6f65fd905aed6a2eb6bf55d
- SHA1
  
  1185bc1a7f9fbe3838725f1d771865ef9fe076c9
- SHA256
  
  613fc48aa936c10c9e75ff6746e0405c1cdab68566d84cc46bb68e1bcb986aa0
- SHA512
  
  7ed825b1afdc822bd0aea1faa971144d12b8ccda756d4b326c59aac09247b5008846fad4c64a4d46d3633548874c346feb6a01968056a8ec6f79bd9678cbf2f4
- SSDEEP
  
  6144:ypIe6W8uc0KxlK9gpC1d88LKXLAOkuL9P5Qt6frqLwYzbn4NKToC2HD9qFmq:yptV8uc0KS9gpC1GI4v9PmgfKP1KJq
Score

10^/10

qakbot bb03 1666073717 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6