qakbot | 8ca7ba1b10daf688733dde8ae03a48a19e0bd786cee63fbfd63b4cbe0edcb21d

General

Target

CO4137.iso
Size

1.8MB
Sample

221031-vppzhabee3
MD5

e8cbe03dc92ab393284644116dc8a2fe
SHA1

67631cb30f381353466bdbe8b8072ffea3770592
SHA256

8ca7ba1b10daf688733dde8ae03a48a19e0bd786cee63fbfd63b4cbe0edcb21d
SHA512

5b66ca17c3fd656b69088539b77a05067c575ac55012b8953defa7d8ca13c9055528fa85163a5a2c04bb965f5ad593c79bbeda22e7a2462897a92b9dc0ede5e1
SSDEEP

24576:wHrdOBKJGDcYOGm+FpvC04Rl3ZC499TlgxE29S3GrOk8YdSkQXlZ:wHrs9dm+n60YZCZY3+R8Ydkv

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.14

Botnet

BB05

Campaign

1667208557

C2

174.77.209.5:443

187.0.1.74:23795

24.206.27.39:443

1.156.220.169:30723

156.216.39.119:995

58.186.75.42:443

1.156.197.160:30467

187.1.1.190:4844

186.18.210.16:443

1.181.56.171:771

90.165.109.4:2222

187.0.1.186:39742

87.57.13.215:443

187.0.1.207:52344

227.26.3.227:1

98.207.190.55:443

187.0.1.197:7017

188.49.56.189:443

102.156.160.115:443

187.0.1.24:17751

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  CO.lnk
- Size
  
  1KB
- MD5
  
  43e43289434b4c7417b35852b44cc845
- SHA1
  
  bf0f63fb380513d62e9e54023c93e12d6a820c4d
- SHA256
  
  3e3c759889176ac1291cbef34ad7b22d2943ad2f2d082937420c849eb4ce44f2
- SHA512
  
  0348ce73a1feba8c738546adceaa57ed84fd444338772ef82e3c0deaecce93fb1b464535d4f2d21a4c4b7800a903c864b1fb9421a830fc66972974cc3c5b36ee
Score

10^/10

qakbot bb05 1667208557 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  judicature/contaminative.dat
- Size
  
  1.6MB
- MD5
  
  7e7bdad13f25974c9bd07b0591d2773e
- SHA1
  
  fd0d969841ec7654b1b969d8c296031c3575d63c
- SHA256
  
  e9e65452644cf71bddbd3a324c171117c3df219a642bca6083ee6796dc5365c2
- SHA512
  
  a7f3e3e0c8c3d07993694a30e7853d81ae97417d17ec93287cd9a5da30a305dbfad5a79b5431d599581ba05aa8d0b0b58dea88a61b20031294aaa32ee9038a82
- SSDEEP
  
  24576:hdOBKJGDcYOGm+FpvC04Rl3ZC499TlgxE29S3GrOk8YdSkQh:hs9dm+n60YZCZY3+R8Ydkh
Score

10^/10

qakbot bb05 1667208557 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  judicature/lent.cmd
- Size
  
  660B
- MD5
  
  f8248012b1f98b370870e8b2923c718d
- SHA1
  
  2975fc9a2596b38bb7bb83df941001f3c2beec03
- SHA256
  
  d31bf783690931331b4287152118d6c52eabd26f11b33d0aa937ec4de34a3ad8
- SHA512
  
  e11891792ececf52a908d16266aa038fcdd8f59af32e678ef0a70b99bb6ecbd4813f9f067d6f2a97e6e41deee1fd174243f3670edc082b829e508ef07f97fc4e
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6