qakbot | 620b903bb5be975f3b514fc88646b58aac5d3e35b520d2130d0e03ef8d4c996d

General

Target

DK7411.iso
Size

832KB
Sample

221027-bmdc5sacb5
MD5

ee63ac82db6612e4dab77a1cf22d0fef
SHA1

a4587bde19c80f4345cde5a2793b8c47c599973a
SHA256

620b903bb5be975f3b514fc88646b58aac5d3e35b520d2130d0e03ef8d4c996d
SHA512

d1dc6dcb3247e8ed3235cd50cc53c9c03e6edbfd2e0bc2b92dab8ff5133c64d94fdab020ae7190608314d52eb6eb8e417e6b10b4fb87752e5d05be742452a6ff
SSDEEP

12288:RBR85dpYYGYGvMc5Ey1i70YNUoj7iBtt7OkL+vL:RBR85dpYfBf6jmTt7OkL+vL

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.1051

Botnet

BB04

Campaign

1666690935

C2

181.164.194.228:443

24.116.45.121:443

190.74.248.136:443

24.206.27.39:443

27.110.134.202:995

2.88.206.121:443

71.199.168.185:443

200.233.108.153:995

198.2.51.242:993

172.117.139.142:995

70.115.104.126:443

144.202.15.58:443

190.24.45.24:995

24.9.220.167:443

58.247.115.126:995

193.3.19.137:443

45.230.169.132:995

68.62.199.70:443

43.241.159.238:443

113.162.196.232:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  DK.lnk
- Size
  
  1KB
- MD5
  
  d837feb0a5c6e9db26a26d2d73407555
- SHA1
  
  fd2ca9aaba1e8cd138407745b561fe746f852b7c
- SHA256
  
  f474336423742b80c03685174b4d7802bcffe98c1d892291ba5309e51ac95425
- SHA512
  
  ac6bbc8a1f868ee51bdf45b194f26d854161bd4046f870e359d6bce868ba8a9aa0ba566f631043591019633e0fce1e063374e63ffe59d343d159a68a20cdd3f4
Score

10^/10

qakbot bb04 1666690935 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  moccasin/bricked.dat
- Size
  
  502KB
- MD5
  
  bbaf84a9c3ae66febb9d022955c9fb58
- SHA1
  
  a848720f80e594cf46c3d00ed454a59911e2d22a
- SHA256
  
  ac1a35d2c8bfd9a371936a0cdfe082749030224402e8e3d14e3a9c7d5ab278cd
- SHA512
  
  323e6796ae74ee7eee1a6c42e83a6482a776a0a46160ef7230234c07f48dc117c77616cf548f6d27a40a074712b86df46a244aa4f5656bfa8076be49d513a90d
- SSDEEP
  
  6144:KSGYaRyE5Na5otGQkAVFOaqyr5AO87yH3pkNNUoGMHbn/WRCGxIIcAB:DGYGvMc5Ey1i70YNUoj7iB
Score

10^/10

qakbot bb04 1666690935 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  moccasin/gandhi.cmd
- Size
  
  618B
- MD5
  
  ea1ee2d22b603cfe9115a7d3227f408a
- SHA1
  
  fc707de2081c94648905e551eb77efa30dd5ab69
- SHA256
  
  ea2a039696406474a32cb6130d808a58a3589200dd4e3a5c057a1b9cd701d6b3
- SHA512
  
  5b95e2fd0911f383bc0de7d715a17f0d156840662a42bd01755af9f69e962b359e57f1a06d4c33ef78105bd16fabde79c6440c9cef5065d4035d1425995b4c4f
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6