qakbot | 4da25085c838384622cb4aac3cb798ec32bf82819ed0374df76a401a969f0ae5

General

Target

DK1158.iso
Size

832KB
Sample

221026-rkq48afhe8
MD5

e05a59fe1fd5c1909f582c5a5d7a53a1
SHA1

946e9a5354f583a735d867c3a69296cccf220ead
SHA256

4da25085c838384622cb4aac3cb798ec32bf82819ed0374df76a401a969f0ae5
SHA512

fa376ee80460f2408b3ffe4654f3038d260da4e57b8f012205d998bc658d0ded5ca4d4f4ab326b04ed1bfc9f07c4e0452ae0bdd7c83403f2599a437e21eefff8
SSDEEP

12288:XBR85dpYFBet7OkL+vLkGYGvMc5Eyzi70YNUoj7iB:XBR85dpYF4t7OkL+vL7Bx6jm

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.1051

Botnet

BB04

Campaign

1666690935

C2

181.164.194.228:443

24.116.45.121:443

190.74.248.136:443

24.206.27.39:443

27.110.134.202:995

2.88.206.121:443

71.199.168.185:443

200.233.108.153:995

198.2.51.242:993

172.117.139.142:995

70.115.104.126:443

144.202.15.58:443

190.24.45.24:995

24.9.220.167:443

58.247.115.126:995

193.3.19.137:443

45.230.169.132:995

68.62.199.70:443

43.241.159.238:443

113.162.196.232:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  DK.lnk
- Size
  
  1KB
- MD5
  
  5fe4d4bd1777e7a120b0b8e1c481ca75
- SHA1
  
  2bcccce190d6d0ce3133ec3d45d9764616e0698d
- SHA256
  
  d6593e8f6ee3b6a017ae2705d4210c6bfda6cf5db917b0638ade6cb7d39d0199
- SHA512
  
  ae2e16fb831722ee8b2aa2dc8827c611fb6f51d096d45d8bdbe70c59dad51b78fd7d1388493b66a0c58487527931ebf4de8da022ecb394fa5b8e1f8c25c5c8b6
Score

10^/10

qakbot bb04 1666690935 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  moccasin/falsehoods.cmd
- Size
  
  607B
- MD5
  
  b6abad17ebb1c0eb8bd2062fcd7d1e1b
- SHA1
  
  6adce52f1fd5c3518fa9de31e2a37b6b3e9b94dc
- SHA256
  
  fc0048ed55777709710e50ec7febcf5604fa0faa8fa9df4d28bb7b86b595d986
- SHA512
  
  90925e68b0b20c65adde642ff5367ddb64f29d39cd205e10d03c4581312ceb586c0f9df8d5dbfcc90841f09e9d9b4b275039fc4f6e7721a9f58d4145467c9473
Score

1^/10
behavioral3 behavioral4
- Target
  
  moccasin/tenseness.dat
- Size
  
  502KB
- MD5
  
  ec9bb4426fad8b3edaf988b5e3beaa33
- SHA1
  
  db72cad6a8e87c802fc7aa71898662d1a3db0ece
- SHA256
  
  4512c97dbfd33b86702264a63eaff6c12430e5b275bf7f431f9b525d2bd913cb
- SHA512
  
  1edddf9c9984c90de5a9783b1de870a76aac18ed36238426be1770b72e8374a8ba9212d090c8aa90671bf4e03825e4ee6f5ecd57f3e16b318553e288f3d3502b
- SSDEEP
  
  6144:KSGYaRyE5Na5otGQkAVFOaqyrvAO87yH3pkNNUoGMHbn/WRCGxIIcAB:DGYGvMc5Eyzi70YNUoj7iB
Score

10^/10

qakbot bb04 1666690935 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6