qakbot | 15f97fd4d19ad8cb2611490f81622c9ff73c9659c4811c8aaea8dd3245fe772e

Sharing

Copy URL

Twitter E-mail

General

Target

KL1814.iso
Size

576KB
Sample

221101-zy5tjafba2
MD5

44907b926f89533f73690a060481a9b6
SHA1

c11802f510d3326e6bd3cdc0eb5b8b8fefe228bc
SHA256

15f97fd4d19ad8cb2611490f81622c9ff73c9659c4811c8aaea8dd3245fe772e
SHA512

f817bcf97882c5d7782384797f9c3828f2aa947e41857c37cf4293f29c1d6ba7cbe4d8748888f48e9bfc945d52bcec28bdbf202a18aa8c7ecec8b60764789bcd
SSDEEP

12288:EnIQG2dEYsv2gJEXE1DMv9/rsGPDp7Oqk4A:ls0pMVtPD1BA

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.14

Botnet

BB05

Campaign

1667208499

174.77.209.5:443

187.0.1.74:23795

24.206.27.39:443

1.156.220.169:30723

156.216.39.119:995

58.186.75.42:443

1.156.197.160:30467

187.1.1.190:4844

186.18.210.16:443

1.181.56.171:771

90.165.109.4:2222

187.0.1.186:39742

87.57.13.215:443

187.0.1.207:52344

227.26.3.227:1

98.207.190.55:443

187.0.1.197:7017

188.49.56.189:443

102.156.160.115:443

187.0.1.24:17751

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  KL.lnk
- Size
  
  1KB
- MD5
  
  2c8306da8f34055e63d40da1ce51ca23
- SHA1
  
  90c03041cb112a514bd7c68a96819dc82f077431
- SHA256
  
  54aa71e278ddc793ed59e0434cf10b8c9b3b24f738e21276a29c4fa345699c88
- SHA512
  
  b6dc62795b9355ca71aca78074c2865c4057753db98680f299281231784ca56797b3cdc18b13c1ec56f0fe51eea4c51df1d4d8160b7319dc1faf3b9e01c18a71
Score

10^/10

qakbot bb05 1667208499 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  recoloring/debatingly.cmd
- Size
  
  308B
- MD5
  
  24133d889afab16a4ec54014d27a1abb
- SHA1
  
  a1ac6833c049623deb2c6b8e24c7191a1df9495b
- SHA256
  
  2eed18ccd25144c0142a144949ded418e8961bb6bc61801b917607bc313f6862
- SHA512
  
  c1e7034b374d05566c92b8d1508cbe35bfaead2d3699e574e5078d771f6bb5e530b4fb6b0f71eae5e6be8889086504ef6074462bfb105b248ef5cc83139fa21f
Score

1^/10
behavioral3 behavioral4
- Target
  
  recoloring/gratefully.dat
- Size
  
  483KB
- MD5
  
  51e3d08a3839c0f2903cc3b4e26946d1
- SHA1
  
  0c8d0ec70d358ae4ae6ed8c833a30ac0d24c3b3a
- SHA256
  
  c148d075bb238f82a05eda1c817f00f88c28a8ed64e0f45bacb8774a645e3993
- SHA512
  
  07f62f6a5948c0ebde8311dae1d6334aa4753fd37b7a75fc9e90abf8e32f731083fb3ebd5fe9cbd913857fa7943f470a6bf28af72bea42d80f8a41e09ce81dc2
- SSDEEP
  
  12288:mIQG2dEYsv2gJEXE1DMv9/rsGPDp7Oqk4:9s0pMVtPD1B
Score

10^/10

qakbot bb05 1667208499 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  recoloring/serpentines.cmd
- Size
  
  262B
- MD5
  
  cf8e22128f8c25d688021a3eb264d2bf
- SHA1
  
  cfde30da6b1926bf45ed7bbf2f5dd4cc98863033
- SHA256
  
  fd577c8a56b8120784e05c725ef83b3208b6d30216d1dfd7ab46bb0e8ab4d034
- SHA512
  
  962e4e474c94ff8cd3ae7a3b17dd108b7fc2571c8e9029758bb7bc95e4190e773a765f37af7dc0b4079fbc42f749ff32c55e670b86993740acbb8dc46ca10282
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8