qakbot | bd63ec69b9eb4516f6a0049edc6633bdd8a940f374f9a5193ca4e5dc94d51b96

Sharing

Copy URL Twitter E-mail

General

Target

KL8620.iso
Size

576KB
Sample

221102-kp3v9aaee5
MD5

ce2da3c13f3dcb4f60c149a541c917c3
SHA1

d7de0df0a20a6c924f7fc5a4d149ff7f7ea26c03
SHA256

bd63ec69b9eb4516f6a0049edc6633bdd8a940f374f9a5193ca4e5dc94d51b96
SHA512

c182829c4daba8bb7c89517bc66bcd028e509cd9de5be19da90bec44c9852b3139560965caf827542d3a8f94493d263dd98651186c60c2c7bfe8545dc323329b
SSDEEP

12288:mIQG2dEYsv2gJEXE1DMv9/rsGPDp7Odk4A:9s0pMVtPD1QA

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.14

Botnet

BB05

Campaign

1667208499

174.77.209.5:443

187.0.1.74:23795

24.206.27.39:443

1.156.220.169:30723

156.216.39.119:995

58.186.75.42:443

1.156.197.160:30467

187.1.1.190:4844

186.18.210.16:443

1.181.56.171:771

90.165.109.4:2222

187.0.1.186:39742

87.57.13.215:443

187.0.1.207:52344

227.26.3.227:1

98.207.190.55:443

187.0.1.197:7017

188.49.56.189:443

102.156.160.115:443

187.0.1.24:17751

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  KL.lnk
- Size
  
  1KB
- MD5
  
  43d2927b2484182408d29d7e431b155c
- SHA1
  
  9712a620713720e95a90a3a8cdcfc2bbdde5546d
- SHA256
  
  a81ef87226171c289bc303c69351cb3299d340cf0a8cb50743e6676b793cf89c
- SHA512
  
  6502a49c5fd745c62b44236b53591a38ce3e074d16b795e385f9f50caf6ccd73e2f8415a38add5050b00bda3c3a47c813a3388a6bc584b59cf6e129ffacef8c2
Score

10^/10

qakbot bb05 1667208499 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  recoloring/dolesome.dat
- Size
  
  483KB
- MD5
  
  aa613d31dc7d0fb141d17b0c8ffd38b3
- SHA1
  
  1d1bd4cc6ba9082a00b30a9ed3e010aa2d0d6c0d
- SHA256
  
  de39a0517470d1958cb53fa62bf239be2d9125f35282ad625d3a6865ba13d831
- SHA512
  
  ef2f97448f56ba913b78516f96bdef6b0c56876ba4bfbc1822963c26a4dc2fd84c970ecafd932f52397c0dfd8f95fb5411674eb66bc073c29edddf97f43f62c6
- SSDEEP
  
  12288:mIQG2dEYsv2gJEXE1DMv9/rsGPDp7Odk4:9s0pMVtPD1Q
Score

10^/10

qakbot bb05 1667208499 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  recoloring/purrs.cmd
- Size
  
  251B
- MD5
  
  d6bf36dc1e08d76a0aac49095a544eb5
- SHA1
  
  10832bde4e47ff379a17ef5050a5295345fc21d4
- SHA256
  
  e0cb72e511df3f0a30ea25189b6e0af048042f89ef744f04f34f75964b586535
- SHA512
  
  d93a3765d478827f0f5ddce70c23cc1bebbfd937c28f7101480134c9bc6266b09d3d9c6cd64d130c57a66832387dcc6b21e3c9d4ed9509b264f8445da96c8fba
Score

1^/10
behavioral5 behavioral6
- Target
  
  recoloring/undeterred.cmd
- Size
  
  282B
- MD5
  
  dd23245afbcb05ada37a38945cddca6b
- SHA1
  
  40ab80c8b02ed2b141a06d084c3064d7aa323534
- SHA256
  
  2d9e07e5a28ed4bae2a66089e9da4d27352da191be75f0e420c4fd5f9a4e5172
- SHA512
  
  61f2a0c8a9170b73ccae94fe7f7b8b656376bc982c2aed2593af06e7994aebe2b69330c4434805806cd823ed9e3c5f3a03e1130dc3a9f61c0a5938bb968ba8bc
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8