qakbot | 8c5199635ca22fc6796557743d865e17988fc6079b1f4e797ffafa505c1af41b

General

Target

CVXR13.img
Size

722KB
Sample

221115-1ka8fagb25
MD5

93fb4e67bb6e89edbce444f294551db4
SHA1

e0c89695dc6e2d287863f3a89fa064a3a1266065
SHA256

8c5199635ca22fc6796557743d865e17988fc6079b1f4e797ffafa505c1af41b
SHA512

407fa38c52562a208321d6c3c4ba1977d59cc3e419ee5e6aac27a730d56b1ac37ae2c5325d70f01c67dc9498671a26648fc6875d400f4003fa9db01504e15860
SSDEEP

12288:BYh/TGcg+w9KCHJdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H8:BYh/TGckKCH30IAIQR3O7OjHHApc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.27

Botnet

BB06

Campaign

1668492308

C2

49.175.72.56:443

81.229.117.95:2222

47.41.154.250:443

69.133.162.35:443

84.35.26.14:995

68.47.128.161:443

156.217.219.147:995

87.65.160.87:995

174.101.111.4:443

82.127.174.33:2222

91.169.12.198:32100

24.28.121.122:443

157.231.42.190:995

90.89.95.158:2222

74.33.84.227:443

24.64.114.59:2222

80.13.179.151:2222

64.207.237.118:443

24.206.27.39:443

170.253.25.35:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  CVXR13.img
- Size
  
  722KB
- MD5
  
  93fb4e67bb6e89edbce444f294551db4
- SHA1
  
  e0c89695dc6e2d287863f3a89fa064a3a1266065
- SHA256
  
  8c5199635ca22fc6796557743d865e17988fc6079b1f4e797ffafa505c1af41b
- SHA512
  
  407fa38c52562a208321d6c3c4ba1977d59cc3e419ee5e6aac27a730d56b1ac37ae2c5325d70f01c67dc9498671a26648fc6875d400f4003fa9db01504e15860
- SSDEEP
  
  12288:BYh/TGcg+w9KCHJdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H8:BYh/TGckKCH30IAIQR3O7OjHHApc
Score

3^/10
behavioral1 behavioral2
- Target
  
  CV.vbs
- Size
  
  9KB
- MD5
  
  9a445f18302616107b9c63ab3508b4c4
- SHA1
  
  1b939212a224d4ef711e2fd38443aabeed4e0bd8
- SHA256
  
  5f408833d318ca3ddd5d560023a37cc814a1543799730092a10efd11557dce3a
- SHA512
  
  2005575d9f6f8ccd0a19d063689358b16d819feca6d3e8c6cb45583db0dba83604a18057dfd4c7bf0184fc9a4f98492f8c161347cb6b940f3794211b985a77b3
- SSDEEP
  
  192:mEWheSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:HX41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668492308 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  inducted/erbium.tmp
- Size
  
  624KB
- MD5
  
  c5820b2abee2307659186876566521d9
- SHA1
  
  7c311e7b82e1f863614897c4e07c60ec0c47fe1a
- SHA256
  
  923b840050fb7ef3cce2127508c1b8efdffacc566412e6ecaa705794b7bfbe3c
- SHA512
  
  745f8fdf48f4b180bc8a4e41326572320464ad0da32b599e8c35f1a15d5785ac567aeb9338a0e45207adf3dfa9d8c4f35947591401eb3e83072587065edeb495
- SSDEEP
  
  12288:i/TGcg+w9KCHJdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H:i/TGckKCH30IAIQR3O7OjHHAp
Score

10^/10

qakbot bb06 1668492308 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6