qakbot | 3fbeaa3e3173d1154d5e6fdc7876d1203b9f286e019ebe3830c94643b73ac7bb

Sharing

Copy URL

Twitter E-mail

General

Target

RS7998.iso
Size

584KB
Sample

221102-rnlnxahdd8
MD5

74cb679a3a60b56a1909e9a7b89cb087
SHA1

506c121f29c2ce150a9ae48a2a310cf9e545caf4
SHA256

3fbeaa3e3173d1154d5e6fdc7876d1203b9f286e019ebe3830c94643b73ac7bb
SHA512

ba345d5611a53eee755dd47ae31251010847e4be61084722810ca0696175660e408889f0f7b917991405517380089d9b54c320ecbb5577f4d51cb9a37bbe12e3
SSDEEP

12288:ADWcs9z1VbAz4oqJh080aorgv6CGFlltFQp3:ADWcs9z1VbA/DgSCGXFQZ

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.20

Botnet

BB05

Campaign

1667294768

136.232.184.134:995

1.65.20.175:53249

187.0.1.154:63263

50.68.204.71:995

74.92.243.113:50000

1.149.126.159:57345

187.0.1.182:17093

123.3.240.16:995

76.68.34.167:2222

172.219.147.156:3389

94.49.5.116:443

187.0.1.181:14507

206.1.223.234:2087

187.0.1.186:18828

131.23.1.187:1

23.233.254.195:443

76.125.91.160:443

187.0.1.90:42349

70.51.139.148:2222

187.0.1.76:47526

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  RS.lnk
- Size
  
  1KB
- MD5
  
  cb00e4087f8027ff9cc1b1f3a370ce5f
- SHA1
  
  71bd2d7efcead213664c14cb355cbf38e7dda809
- SHA256
  
  a908e696b7849601cef9f2298a164819c7bcdf06182f897f3f20e76c815678c0
- SHA512
  
  fb03e1f0079a768ca0a68d849566a0c2baba5480ee68904069ab8be0c400013aeda7ec0cdda361b229bd9d63b136d56064e5b843c94f2031092012d44704118b
Score

10^/10

qakbot bb05 1667294768 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  cycling/bumps.cmd
- Size
  
  272B
- MD5
  
  f4da613b26bdb2e37cc74c163b553ad1
- SHA1
  
  f750d17ff590b85a9da3708df5b639b7e355783c
- SHA256
  
  9d32eeb28315111ab685a836687186e5dd629f991a673f2c1a9b7471fec49c0b
- SHA512
  
  0c28be4bd1363b8ed169aad4a0f9a3aa5f27ba80015bd6531b0a7b6a7a8aa09c59fc50165c07abac58ce998cb882e81e34f3c8ffb81f86f298910fe528817b43
Score

1^/10
behavioral3 behavioral4
- Target
  
  cycling/deer.dat
- Size
  
  420KB
- MD5
  
  a66ce6b73ee339d54369aa2b9ba274c9
- SHA1
  
  023b4382d70de340fb165e387fe45353d3003791
- SHA256
  
  6c44587d0e76772da439d9dea08133e4537b27a32020c0bbdffa16f079b3466f
- SHA512
  
  202385aecd56600501b6caa4c8e80bfd799f97c29743f1f9ca819cd99e7921497ae971357d262ef534eb7774777c47cd35f98d8d88d66bffcaa828a28a8edbe8
- SSDEEP
  
  6144:xz1Q4eqQv0M64jj41uqLT+0P5ZL1mZGi60pWT+8cYHtor5ev6dgZAFMcfokl/WqW:xz1VbAz4oqJh080aorgv6CGFlltFQp3
Score

10^/10

qakbot bb05 1667294768 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  cycling/huh.cmd
- Size
  
  270B
- MD5
  
  2ac27933f48ca970aa42a1bf2c974df6
- SHA1
  
  d64cea98cd9f2d8ce8948a5acd25c7e2351e1f07
- SHA256
  
  81e81ef7cd4816c691772976abc54f5148e4602832541c596f541fa15cc682b4
- SHA512
  
  2dc011b6133f51331eba95993d3745ea042a28bd40002bab4e003fbe2a02f6cb27d627c61dc925a344404d70e1a8e7cb303cf722874a2ae15136e5a5d2cf5a32
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8