qakbot | 48df2d681985f5f67c5471110da66df7923a8a475bd18f30e97c2b6b249012e2

General

Target

CVSR81.img
Size

722KB
Sample

221115-xvertsfd52
MD5

04599eee1bfb6c7ba2766194f2ba83c0
SHA1

d43cc489c881a0956064f2821dfe1572b44bc09d
SHA256

48df2d681985f5f67c5471110da66df7923a8a475bd18f30e97c2b6b249012e2
SHA512

78ae5c95c407840f61d53b97e740884f8a6578ecb4c42eed436bc812ca456c2765fea4dfb3af0bcc57899347a62611ec2e1337e093826d7dff9ac74bc1ae5eca
SSDEEP

12288:5YX/TGcg+w9KCfJdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H8:5YX/TGckKCf30IAIQR3O7OjHHApc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.27

Botnet

BB06

Campaign

1668492308

C2

49.175.72.56:443

81.229.117.95:2222

47.41.154.250:443

69.133.162.35:443

84.35.26.14:995

68.47.128.161:443

156.217.219.147:995

87.65.160.87:995

174.101.111.4:443

82.127.174.33:2222

91.169.12.198:32100

24.28.121.122:443

157.231.42.190:995

90.89.95.158:2222

74.33.84.227:443

24.64.114.59:2222

80.13.179.151:2222

64.207.237.118:443

24.206.27.39:443

170.253.25.35:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  CVSR81.img
- Size
  
  722KB
- MD5
  
  04599eee1bfb6c7ba2766194f2ba83c0
- SHA1
  
  d43cc489c881a0956064f2821dfe1572b44bc09d
- SHA256
  
  48df2d681985f5f67c5471110da66df7923a8a475bd18f30e97c2b6b249012e2
- SHA512
  
  78ae5c95c407840f61d53b97e740884f8a6578ecb4c42eed436bc812ca456c2765fea4dfb3af0bcc57899347a62611ec2e1337e093826d7dff9ac74bc1ae5eca
- SSDEEP
  
  12288:5YX/TGcg+w9KCfJdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H8:5YX/TGckKCf30IAIQR3O7OjHHApc
Score

3^/10
behavioral1 behavioral2
- Target
  
  CV.vbs
- Size
  
  9KB
- MD5
  
  6a465590731de61baa492abc89e2c4e3
- SHA1
  
  f5b396bf103898cb363fe4d60536b5f8b282fb5d
- SHA256
  
  3d303676768d1fba9f1b8707845e0c3ab426d33ca2d2cd737de7031a1990b89b
- SHA512
  
  22b6265ef381367397395cd4b3d28b905167f476150fa5dd2e2cb9e3a88c15fda1c65baeb0585b72f61fca182dd0439a4ab5d84c7c65988df330da7015c1bbb7
- SSDEEP
  
  192:mEWieSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:HA41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668492308 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  inducted/muscovite.tmp
- Size
  
  624KB
- MD5
  
  fc142a16019f2992180c59ed2c9d8d4f
- SHA1
  
  259fbdcbb0a00ea5eff3c9c6afc57badb6714da6
- SHA256
  
  3792788f81cceea69a5b82930fd2515984c6c058195e8fef97ce678a59f770af
- SHA512
  
  652f8e2b5535f69facce3917c5b32ee920d63c647da238d47450642b2bcbd761cdfc286bfa06012d927600e6d899fd98a5dcbdb57dfbe15c0b39fc8c9e62674d
- SSDEEP
  
  12288:i/TGcg+w9KCfJdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H:i/TGckKCf30IAIQR3O7OjHHAp
Score

10^/10

qakbot bb06 1668492308 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6