qakbot | a3ac51fa56c06fc9f5fb24ea4eee4fb76e01a9ad30b0748dbe2ffe706db52311

General

Target

CO9938.iso
Size

1.8MB
Sample

221101-dx5w9affa3
MD5

9a5270ba153681d3c62d93b2de6df3d2
SHA1

defed62d47070833916c651c701ea601b9656f1f
SHA256

a3ac51fa56c06fc9f5fb24ea4eee4fb76e01a9ad30b0748dbe2ffe706db52311
SHA512

b0c36448895ec088d9e91e6fb9d8342f1fcadc9548ae4b5e219984c617d994e370073c4d64c879954f05a5e886d1b993a4168070b69cdd4833d2e792c12bbb4a
SSDEEP

24576:wH4dOBKJGDcYOGm+FpvC04Rl3ZC499TlgxE29S3G8Ok8YdSkQtlZ:wH4s9dm+n60YZCZY3tR8Ydk1

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.14

Botnet

BB05

Campaign

1667208557

C2

174.77.209.5:443

187.0.1.74:23795

24.206.27.39:443

1.156.220.169:30723

156.216.39.119:995

58.186.75.42:443

1.156.197.160:30467

187.1.1.190:4844

186.18.210.16:443

1.181.56.171:771

90.165.109.4:2222

187.0.1.186:39742

87.57.13.215:443

187.0.1.207:52344

227.26.3.227:1

98.207.190.55:443

187.0.1.197:7017

188.49.56.189:443

102.156.160.115:443

187.0.1.24:17751

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  CO.lnk
- Size
  
  1KB
- MD5
  
  daa7a11894ae27df9d91973a35e6db5b
- SHA1
  
  0ba15895a9f00109f7b38153019cb45060292335
- SHA256
  
  f5acdfa7bd492ed33df32f45ab574328628f04308dadb8ecf75cb17217bf9de5
- SHA512
  
  3e67b18b432782ae2df6188ed54a7a827da35e32c1498a45ff363e8d3471ddefb14b902ac9696038aa8d2fd76c1742d5ac71987976ee9cf41e0e4f8233c4ece1
Score

10^/10

qakbot bb05 1667208557 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  judicature/hypothalamic.cmd
- Size
  
  622B
- MD5
  
  92c13721b4f71920fe1afaa48fe87997
- SHA1
  
  807728fea5e92a03f516434a9148d7b6b8e71947
- SHA256
  
  63d38496e76662ed84480c63ef818242de26e10defcc8670a38fba0ed7621a89
- SHA512
  
  02d92cc2c0e71962d6362fab72781ce2e22a8c716f8142bc0fe36dd8a84fb2ccb3ff33c14c1d149cc5abbf0d00e0091dfb74cb76fce831a5bc28487acf602ab6
Score

1^/10
behavioral3 behavioral4
- Target
  
  judicature/mucked.dat
- Size
  
  1.6MB
- MD5
  
  b9aed833999244d4861a6cc232de3fe5
- SHA1
  
  bb88cf8ac22a5feb01fb3f1d448c3dbf9b09b611
- SHA256
  
  63959c0cd8d14b1e6b589378d25fd9ed285cd108487ff645ea0b62eae7c14899
- SHA512
  
  de8e5a10e04e9555be8cace59e42f1a09ea3d9cb8e259794e09861d605d9050b01552823e256eb5be8b602495ed689817757b8c6e8ae41aeb00596ab62bb66c8
- SSDEEP
  
  24576:hdOBKJGDcYOGm+FpvC04Rl3ZC499TlgxE29S3G8Ok8YdSkQh:hs9dm+n60YZCZY3tR8Ydkh
Score

10^/10

qakbot bb05 1667208557 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6