qakbot | 16e3654f8560fad27639517be2d204ca42c15c874859d60b9d61c9bd766c932d

General

Target

CVJX16.img
Size

722KB
Sample

221115-27f8mscc3x
MD5

6e0d62c4e69e1dba5efef6fdab020237
SHA1

c234d2d258a8b5859f446c5e710b300fc98fc6d0
SHA256

16e3654f8560fad27639517be2d204ca42c15c874859d60b9d61c9bd766c932d
SHA512

5cd5c33e341bef928774051e00c2448e623521b4bafa1081503978901a9b08fda157f1809b9140057eec97cadeabe39098d5da4400593cc7fff95c7a0dea0ed3
SSDEEP

12288:8Yh/TGcg+w9KCwJdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H8:8Yh/TGckKCw30IAIQR3O7OjHHApc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.27

Botnet

BB06

Campaign

1668492308

C2

49.175.72.56:443

81.229.117.95:2222

47.41.154.250:443

69.133.162.35:443

84.35.26.14:995

68.47.128.161:443

156.217.219.147:995

87.65.160.87:995

174.101.111.4:443

82.127.174.33:2222

91.169.12.198:32100

24.28.121.122:443

157.231.42.190:995

90.89.95.158:2222

74.33.84.227:443

24.64.114.59:2222

80.13.179.151:2222

64.207.237.118:443

24.206.27.39:443

170.253.25.35:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  CVJX16.img
- Size
  
  722KB
- MD5
  
  6e0d62c4e69e1dba5efef6fdab020237
- SHA1
  
  c234d2d258a8b5859f446c5e710b300fc98fc6d0
- SHA256
  
  16e3654f8560fad27639517be2d204ca42c15c874859d60b9d61c9bd766c932d
- SHA512
  
  5cd5c33e341bef928774051e00c2448e623521b4bafa1081503978901a9b08fda157f1809b9140057eec97cadeabe39098d5da4400593cc7fff95c7a0dea0ed3
- SSDEEP
  
  12288:8Yh/TGcg+w9KCwJdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H8:8Yh/TGckKCw30IAIQR3O7OjHHApc
Score

3^/10
behavioral1 behavioral2
- Target
  
  CV.vbs
- Size
  
  9KB
- MD5
  
  b428e1a5896337102c8e6b495285aec6
- SHA1
  
  84d5bdf0917b9dbac902c0838c5921b09ce91a9e
- SHA256
  
  72fa2884c5f038acd2c4ab49517e52369f6da3b987d511e3ba3e91e489fe1d77
- SHA512
  
  fa64c044b30c58e1190618dab9701c457811083630fd5d4e3493843ed7619a362e15cdf77582cf665a1cee8eb9e52ba4c86bd69b2b04d9bf86d413172f0cdc21
- SSDEEP
  
  192:mEWITeSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:Hu41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668492308 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  inducted/madden.tmp
- Size
  
  624KB
- MD5
  
  4fb743accfc28788e3b9b6f58e17638f
- SHA1
  
  936e6631f1a93207fd82d3a87e1af51230bce93d
- SHA256
  
  29f166970ac3a92756ad6029882daba1ac5b832fa2be6a7ef15ab2d6f13caed2
- SHA512
  
  eab73da3eaac93c5bf0ca15363425536c780f8ba236fd342655f50418d9d11f5798959c2460e0d7fa5191958f483b5262ba1bb640dab6efe11d408730085a187
- SSDEEP
  
  12288:i/TGcg+w9KCwJdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H:i/TGckKCw30IAIQR3O7OjHHAp
Score

10^/10

qakbot bb06 1668492308 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6