qakbot | 2194c5e9c048a6125373d6c43da58f81bc33595943d8c631ed7571eb43054d0b

General

Target

CVWC35.img
Size

722KB
Sample

221115-25ratscc2y
MD5

b506204da4446139f5fb282ad0f877b4
SHA1

2746ee2fbfd179c90c332fdc98872b958c6c79c0
SHA256

2194c5e9c048a6125373d6c43da58f81bc33595943d8c631ed7571eb43054d0b
SHA512

6202c47a0372c756355d28c6758cf838ad60220e6b3b41f6c8a6d98fa5f6f88877649294e8485a844f748a6251ccaa963b6e5a6bcb1aef7b8badf432d9aa3179
SSDEEP

12288:6YJ/TGcg+w9KCZJdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H8:6YJ/TGckKCZ30IAIQR3O7OjHHApc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.27

Botnet

BB06

Campaign

1668492308

C2

49.175.72.56:443

81.229.117.95:2222

47.41.154.250:443

69.133.162.35:443

84.35.26.14:995

68.47.128.161:443

156.217.219.147:995

87.65.160.87:995

174.101.111.4:443

82.127.174.33:2222

91.169.12.198:32100

24.28.121.122:443

157.231.42.190:995

90.89.95.158:2222

74.33.84.227:443

24.64.114.59:2222

80.13.179.151:2222

64.207.237.118:443

24.206.27.39:443

170.253.25.35:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  CVWC35.img
- Size
  
  722KB
- MD5
  
  b506204da4446139f5fb282ad0f877b4
- SHA1
  
  2746ee2fbfd179c90c332fdc98872b958c6c79c0
- SHA256
  
  2194c5e9c048a6125373d6c43da58f81bc33595943d8c631ed7571eb43054d0b
- SHA512
  
  6202c47a0372c756355d28c6758cf838ad60220e6b3b41f6c8a6d98fa5f6f88877649294e8485a844f748a6251ccaa963b6e5a6bcb1aef7b8badf432d9aa3179
- SSDEEP
  
  12288:6YJ/TGcg+w9KCZJdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H8:6YJ/TGckKCZ30IAIQR3O7OjHHApc
Score

3^/10
behavioral1 behavioral2
- Target
  
  CV.vbs
- Size
  
  9KB
- MD5
  
  e863e5ecf86e6e9e8fbb04042b83c7be
- SHA1
  
  069953c130517c96d6f58b25d63360e187a65293
- SHA256
  
  dc63c8fad40bfb9a067c30de4dcbf8e57559a49a030e43d979fa80f207fdd81f
- SHA512
  
  22498882d1c0da8a5b998569a87b4c709bb6717f4abec8f7bfe6c1ea080cb27ee769eb73cd43f0db50fb18df79a4a0d64622425d3c6951ef48ba975e555c0257
- SSDEEP
  
  192:mEWCeSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:HW41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668492308 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  inducted/rebuttal.tmp
- Size
  
  624KB
- MD5
  
  8a601be19aac2e90e90d071a15b6d836
- SHA1
  
  3b62c0d30112e2130a1d4cd36cff5a6711b0c5d4
- SHA256
  
  3d1a646625cfa6ea32a9c50a164a171edfcb9da29da1d9bcca124c563d22399e
- SHA512
  
  b0f7e66e612f9c6e101d02a901e6417817906addeb70d1fe945cb86ae9649c20ed6a2d3b8cb0dc0ecb34b8c86e6df9b6bb1f27e81c0b05a51761419b454fb46a
- SSDEEP
  
  12288:i/TGcg+w9KCZJdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H:i/TGckKCZ30IAIQR3O7OjHHAp
Score

10^/10

qakbot bb06 1668492308 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6