qakbot | 62712da6f0a8bf22c9f3b88ad073290c87296d7e905af66060fd0a458b7690ad

Sharing

Copy URL Twitter E-mail

General

Target

KL4233.iso
Size

926KB
Sample

221101-rxdpnacfe8
MD5

7f78958a06e355970801467afeb9a48b
SHA1

aa0e3c9836b93bb324e8efd49a0878d79b7b9d0f
SHA256

62712da6f0a8bf22c9f3b88ad073290c87296d7e905af66060fd0a458b7690ad
SHA512

6f88a598bcd933d5a999fda95f8b49a0bc45cd26ab3d9a33cae93932444118397e375c2afb4ef28c7ccefc024f6419ab6c150b0025119a7b42a3ef1d47584507
SSDEEP

24576:lkmHudy29ChzEooQ0UwrwtHHHHHtYOzswani5WwM2HAnC9e:s+FEooJrwtHHHHHtYOzswai5E2HAnCA

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.20

Botnet

BB05

Campaign

1667294768

136.232.184.134:995

1.65.20.175:53249

187.0.1.154:63263

50.68.204.71:995

74.92.243.113:50000

1.149.126.159:57345

187.0.1.182:17093

123.3.240.16:995

76.68.34.167:2222

172.219.147.156:3389

94.49.5.116:443

187.0.1.181:14507

206.1.223.234:2087

187.0.1.186:18828

131.23.1.187:1

23.233.254.195:443

76.125.91.160:443

187.0.1.90:42349

70.51.139.148:2222

187.0.1.76:47526

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  KL.lnk
- Size
  
  1KB
- MD5
  
  72d8e2c56c91fd5d697ec745af009649
- SHA1
  
  d209108aefa170db47b5fcdcdb7ed9cbe65434d5
- SHA256
  
  5eee2fef051ed452010717e5cfd2e3f4c898e507fadd1c8e94eb16ab8bc53b88
- SHA512
  
  c4e00af0f3374abe41dc8d46c79b4cb04f54ed5d806c436175f39a5379aee9d05670e9b5b12fd49de5d25441954a499883315fd3652961bda48858c9aafe027e
Score

10^/10

qakbot bb05 1667294768 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  tights/guaranteeing.cmd
- Size
  
  333B
- MD5
  
  01b62cf5bb6b356baf9af78bceefc556
- SHA1
  
  1bad878b455883e30f5726f307c93e7e746e3976
- SHA256
  
  9e7c67fc612cb7541c7499ae8f7f14067694ccf9ef1a0963a017df51bbde2a44
- SHA512
  
  fe2f0616712ec8b5f2771f1aa55a664f74997c78749631310d22bd6f1c439272832177da2353562cc220f2860494f27dd3eaf558f0881536d6e56fc2e6cdde1c
Score

1^/10
behavioral3 behavioral4
- Target
  
  tights/mandible.dat
- Size
  
  421KB
- MD5
  
  2720f95a07be909773be386c354f489f
- SHA1
  
  ee1336d4c58feda3922ab671180d327eb045df8b
- SHA256
  
  f27c6f661babb56dc6643c1cc2f947e8e138a0a578b90ebcc71ba2300f48f0f3
- SHA512
  
  d3a49bc6025aa598306ff020259cf2059ec327dc306f646d3f440be6c16abbc674b048224f5cc93435abd909446b954da5147263a81df02a10cfdec147404b9a
- SSDEEP
  
  12288:Pkpde329VEdv++607q6YP4uo7N9wIegv8JowUShUPw:Pudy29ChzEooQ0Uw
Score

10^/10

qakbot bb05 1667294768 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  tights/surgeries.cmd
- Size
  
  259B
- MD5
  
  525cc4576aaeeefb23d1d7467f2933d1
- SHA1
  
  f713723a7006c2f54ba9c8816b4ef193508b4e52
- SHA256
  
  e98344379cc2fdaf22f580271a3ea99fecb97d4b19ca5a9e992151d97ff78f84
- SHA512
  
  339b5369c68886a767a2de25cb628562306462a6b6b4a3fd83d9173dab15b0672077189e441ee91c0de5def8ad90eb425d631f9d0169164d5fc10ff002ab4ace
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8