qakbot | 5f8d602d4a325cd67932c3bac2ae25512231efabe04b6444e1d0fafb92cbd27f

General

Target

Details3332.iso
Size

724KB
Sample

221028-zvgbrsfbf5
MD5

15f6c4dd73c3c2cea35c5e248142c2d5
SHA1

83a5b1d65a2ea53331012c35c49c8090c9a68062
SHA256

5f8d602d4a325cd67932c3bac2ae25512231efabe04b6444e1d0fafb92cbd27f
SHA512

95fdbf41703062a103ce8185367f60b1da51954a0f6d976964284bd0e5bf240cc5e06e229dfb7f063cb720c7addbc31b6c0796f1468de81cc2f69455341a22cc
SSDEEP

12288:6qdD/sblafl4M/8toGXJZ6diNj1o8Ywr6t57AKCW3wdOcUwDOMHHCgOWeO:6qdclafl4eGXuiNS8Ye6cWw4wrHHCgO+

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.2

Botnet

BB04

Campaign

1666863946

C2

27.110.134.202:995

1.156.220.47:17155

186.188.80.134:443

1.190.199.101:9480

187.1.1.181:42178

118.200.83.226:443

187.0.1.144:51727

193.3.19.137:443

1.201.68.209:12157

188.49.56.189:443

187.0.1.14:58271

190.74.248.136:443

201.210.92.3:2222

187.0.1.105:40325

64.123.103.123:443

41.97.169.44:443

72.88.245.71:443

187.0.1.45:59049

41.100.163.127:443

187.0.1.83:62527

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Details.lnk
- Size
  
  1KB
- MD5
  
  d6764aba465cf16c9f57bf2c20b6011e
- SHA1
  
  d192ff81a7aaf7a6435fb3bcbcbf7c8e9d8d0c11
- SHA256
  
  c436b10f00796e1956f806e96aadaa6de82b1decc7df031a28753dc5106cb19f
- SHA512
  
  94a114b4d16592aaf7676c94972b2d881aacc6494451d08e425ac47a2fd826b6af0825b7be9ad8056c2d62f094ad7150a988d4cb0931a4a366a441feb88e6591
Score

10^/10

qakbot bb04 1666863946 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  disallowable/independents.cmd
- Size
  
  343B
- MD5
  
  b0ffb070a7a65fcd65177eda51c3da02
- SHA1
  
  cd8c54ac0115655f1bd14ba65cc1125deaa806fb
- SHA256
  
  182b36419eb7a411432ea62c14ae20c0381c7924d60d23dcd7f2e7418ded77ee
- SHA512
  
  cc7ed84a3420295f28c16385825ba74558139d271b86637df3ec83fd2372318bc20b3a672763862b73c96b7baa61e53dec0cab0b0976ad9082e0fe9b858b3519
Score

1^/10
behavioral3 behavioral4
- Target
  
  disallowable/pain.dat
- Size
  
  422KB
- MD5
  
  8492d15cba84b109e4bda2ec1aefb3e6
- SHA1
  
  922e35df6f122b3e511dd8172b20a5c7867b230b
- SHA256
  
  2e5e876270f2b06a0aaafa0b11e31dec80cf5098c11344c9335567f0c706d392
- SHA512
  
  633abf5cc4ffc78bf3b8396412d9d265f4d3625eded78170c26900bb8833304004f35ccbfe280083a1eeb0d6b2d00f6aa73df714fcf630585cef0ba6fdfe18aa
- SSDEEP
  
  12288:eqdD/sblafl4M/8toGXJZ6diNj1o8Ywr6t57AKC:eqdclafl4eGXuiNS8Ye6c
Score

10^/10

qakbot bb04 1666863946 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6