qakbot | 5d612f0bdf4f10d82e238d6378dc577aadc133de795931e345b6dc5caad34cc5

General

Target

Details5033.iso
Size

724KB
Sample

221028-2gayyaaad2
MD5

dea2bbb4e9b25c6e1ec3e42dd9132b53
SHA1

97a3b2b88e3e123f7726591cb53df4a847408f7a
SHA256

5d612f0bdf4f10d82e238d6378dc577aadc133de795931e345b6dc5caad34cc5
SHA512

a99690f28dd65076ba193f02a8d881d519e740ef34c765a73be2d75591c1d15f51333acd4759c730e87d80283a617f7b4d05a3791079502fa7342436327f554f
SSDEEP

12288:rqdD/sblafl4M/8toGXJZ6diNjso8Ywr6t57AKCM3wdOcUwDOMHHCgOWeO:rqdclafl4eGXuiN38Ye6cIw4wrHHCgO+

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.2

Botnet

BB04

Campaign

1666863946

C2

27.110.134.202:995

1.156.220.47:17155

186.188.80.134:443

1.190.199.101:9480

187.1.1.181:42178

118.200.83.226:443

187.0.1.144:51727

193.3.19.137:443

1.201.68.209:12157

188.49.56.189:443

187.0.1.14:58271

190.74.248.136:443

201.210.92.3:2222

187.0.1.105:40325

64.123.103.123:443

41.97.169.44:443

72.88.245.71:443

187.0.1.45:59049

41.100.163.127:443

187.0.1.83:62527

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Details.lnk
- Size
  
  1KB
- MD5
  
  944b04f71fa2db97b4c057ab40990b14
- SHA1
  
  36db61b9935c8c6c51930c6d1f873fe8da61fa71
- SHA256
  
  6ce91b206a70000b1ac76c89810e3b92cf79ee397c1ffb99251758e81f356288
- SHA512
  
  169b41a99cb0d467527f1c2194b0775bd0a0f50a4cf42befa8de4192624ab654f5367d6b08653fab4136ff03a6bbd73ef45b08cadca194ca2d47e58249376661
Score

10^/10

qakbot bb04 1666863946 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  disallowable/checksumming.dat
- Size
  
  422KB
- MD5
  
  c53e389854cbcd9f97dac228f8a957cb
- SHA1
  
  bce5dd0660e6efc5717d1c5dd3d54a9a56af1fb2
- SHA256
  
  3803603fb026a2d58d21da04c47a8a0052d725a0d6fb3e8f8ab40099b04c24bc
- SHA512
  
  8fc400fa6c8bbf1d4a6a26c5df3235d9b136cc1f3fe54082b07d17cb1f732f03b41aea516084cdb16415488c003a3f45ceb6df1fe6aa0a10ca579c0930fb5d80
- SSDEEP
  
  12288:eqdD/sblafl4M/8toGXJZ6diNjso8Ywr6t57AKC:eqdclafl4eGXuiN38Ye6c
Score

10^/10

qakbot bb04 1666863946 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  disallowable/leas.cmd
- Size
  
  371B
- MD5
  
  5c33b777ff61671debe433561a3adeab
- SHA1
  
  db3b12775a4374d7ae1bfcf50e9e55c64059a47d
- SHA256
  
  1a00f708c28f787553bb3bb5d19b5608ec43b316f2dc0ce43391ffbb483aaba7
- SHA512
  
  32774e4bc5eba40f73b312c6939910d667ce36f428b19f0ea52e31fbd1ec518ff1dd11f9b8271d05da17f60336ec44de69ee0b79cd7c56c35723f2c2c7df22eb
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6