qakbot | ffbfcad7fab34297e6a04509f9f82ee1b80a9ff5533c0794ad59803f6bd19ed1

General

Target

Contract3343.iso
Size

698KB
Sample

221020-xd6tzsaag8
MD5

e68f5f3b488788c2330d5b1a52d26fdc
SHA1

f46bdea859155af506d7a643eb257d1e93447809
SHA256

ffbfcad7fab34297e6a04509f9f82ee1b80a9ff5533c0794ad59803f6bd19ed1
SHA512

5d52be96b082c18a33c42b4a73811a52ef86374f17c20361c99db0981d7d581a20f554cabf179a40341917f73011388a3a17e07c0733b0799605e45bb4333ef1
SSDEEP

12288:e5zUU6VCu0L4yCLtaNExGapWYKv38Wy9XRHPh3M4B90U6Zt:YQhVCPnCoApOv3t2hxM4BKZ

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.1051

Botnet

BB04

Campaign

1666265103

C2

102.156.82.38:995

152.170.17.136:443

216.131.22.236:995

70.173.248.13:443

14.246.151.175:443

160.179.32.101:995

118.175.242.26:995

186.188.80.202:443

41.69.181.145:443

156.220.14.160:993

201.68.209.47:32101

206.1.172.1:443

156.217.185.90:995

190.74.4.20:443

217.78.49.161:443

154.181.199.80:995

200.233.108.153:993

175.205.2.54:443

198.2.51.242:993

181.164.194.228:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Contract.lnk
- Size
  
  1KB
- MD5
  
  ea5796a2dbf66ddafcf2336e3ada254b
- SHA1
  
  7d5791a43be313cbb69328b52cd92a3ebf5729bb
- SHA256
  
  f242cf05610ffd55e25bd39a24ab306f7bd092571b9033f66716e51729b6c0fc
- SHA512
  
  1a927eb59caea7bef95786afe653a9af73829e00fe99a30af8bbf561fcb910cf75f0701b43f34dea8a25651f8d42165eab26fd5731baedf3668f7df49a31e4d0
Score

10^/10

qakbot bb04 1666265103 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  liveried/facere.cmd
- Size
  
  471B
- MD5
  
  7d5ffd07e2658a7661728beb763fd045
- SHA1
  
  5354825a1b0ce647a92f49ef04aafee61bbad7ca
- SHA256
  
  bf923074d8341ba928cdf5be2c15f698a14d6c02ebaa2fae19b1310ad14967cc
- SHA512
  
  1fada002705a28eb1e0f7c0b24ecb4aacecf81b40fe00a8e607d9e7e8bee30f79c2fd9300d8551ec7f8d490dff72555da4b0a9b2eea4f31e216df7b2b536f442
Score

1^/10
behavioral3 behavioral4
- Target
  
  liveried/storekeeper.ssd
- Size
  
  635KB
- MD5
  
  52aa00e1bfcdbbe704a1faa37bc09c1d
- SHA1
  
  7b946732d0716e846d52c37a2f323b9aafe3bf78
- SHA256
  
  0e2b819de073db1ea9cd0d36fd4b2c9eb998fa4c63a7c1fb6b98751b3a196d7a
- SHA512
  
  697468e0ae1770852acde173d0b07f84c3d0f7493c31a293fa862e7237fb54333823b5a7153557adbb36c58363f5ca1ed84b06c559382aab2d4b49cce4cdcf79
- SSDEEP
  
  12288:Z5zUU6VCu0L4yCLtaNExGapWYKv38Wy9XRHPh3M4B90U6Zt:fQhVCPnCoApOv3t2hxM4BKZ
Score

10^/10

qakbot bb04 1666265103 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6