qakbot | 2cde04c212fc07c94e1ebecf050a4d35d0a809f4bddd7a6c500507716704b2da

General

Target

DV_5842.img
Size

480KB
Sample

221031-wvydhabgb3
MD5

13913383fd80ec96bf68ccc2b06d0c2c
SHA1

e8e08687ba11f3ab44068c8839ba3ef44cf11c78
SHA256

2cde04c212fc07c94e1ebecf050a4d35d0a809f4bddd7a6c500507716704b2da
SHA512

e0b48e44cdfc7a252486c135a5cd19d0f1be9d07cfe69f09a0d97a652834052f46d7c9b08cd1b6f72105cd96ede3b66f7f88bb95a811186180e97e54736ad865
SSDEEP

6144:MkbHJhzU/Gr+acU2gqnEIzGOEBPepzn6WX1LB5QpK1K0we5itwWUTPAO7V:dheLacnx5dFBOpawe5iF81V

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.14

Botnet

BB05

Campaign

1667208499

C2

174.77.209.5:443

187.0.1.74:23795

24.206.27.39:443

1.156.220.169:30723

156.216.39.119:995

58.186.75.42:443

1.156.197.160:30467

187.1.1.190:4844

186.18.210.16:443

1.181.56.171:771

90.165.109.4:2222

187.0.1.186:39742

87.57.13.215:443

187.0.1.207:52344

227.26.3.227:1

98.207.190.55:443

187.0.1.197:7017

188.49.56.189:443

102.156.160.115:443

187.0.1.24:17751

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  DV.lnk
- Size
  
  1KB
- MD5
  
  76dda719c2dd44a2c726dfde065f6ba2
- SHA1
  
  c13dea5129ec9baa332a0bbe702818e8a1b2f1fb
- SHA256
  
  f4d644818e0f129317faa0ecf64186753604c38bd342da4dca57be728bd93725
- SHA512
  
  91a56709d3172f1ddbe0e83b168b2b47c31beea557a94e660183ac62d2175fd3823adcff6b01fdbbafdb3633caa689b2de6c2148ed87ac0add16a4eb39826bc5
Score

10^/10

qakbot bb05 1667208499 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  selectable/monotonously.dat
- Size
  
  421KB
- MD5
  
  f1099c69a48cc7e974b0e5425a24504e
- SHA1
  
  6d39abdd22e00682e9b3d4f7f66656e5ec38e5a3
- SHA256
  
  c4033d78ebb05d37ed2604b75521690298172240fbbc74e4409d63fd4cc9046c
- SHA512
  
  539d7c77143c0c9ad500ace63db17c697bdf15075d0572441a65acd7f9c7de1f98f4fdc6e6d7e2e7ddd704fa1f753aaa9a1e6af9b04044cf9b19e47049286e72
- SSDEEP
  
  6144:MkbHJhzU/Gr+acU2gqnEIzGOEBPepzn6WX1LB5QpK1K0we5itwWUTPAO7V:dheLacnx5dFBOpawe5iF81V
Score

10^/10

qakbot bb05 1667208499 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  selectable/resourceful.cmd
- Size
  
  541B
- MD5
  
  2432327a07906e4c41766c13bbbbf355
- SHA1
  
  9919fbd78cf1bb367a8827670c25c310ba82431a
- SHA256
  
  4c88e6cd02bf671e1f9aea0f0586e9996b8d116ef4903d5fecbd2c883e9f3cbf
- SHA512
  
  6af646d030a1b5f9f74e0e13a2bf3ca187a0319eff3cd6b2d09724dd196c4c5990a272e9c1267b0ecdb291406b57e49b03a7a660d8d6115d84ff9824a9c01919
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6