qakbot | 7fb20a58594139dbbc336b804fea50557444cb1eb28cb3b03ca92bfb3d453b81

General

Target

CVSL53.img
Size

722KB
Sample

221115-yxrd3sff64
MD5

48560b2ad2ddbe481494687fb4982f1f
SHA1

a8b13b5164bcde3b2cf1d6bca140b130e06a2b1f
SHA256

7fb20a58594139dbbc336b804fea50557444cb1eb28cb3b03ca92bfb3d453b81
SHA512

059b641e8caef4dfca228ccade4cd01e7bb3b40878423f38565beaf2f1443229ec2835204920381845d1e21c70ba69401b060c080c2c6aae4dd618f1b6e1d038
SSDEEP

12288:6Yh/TGcg+w9KCKJdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H8:6Yh/TGckKCK30IAIQR3O7OjHHApc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.27

Botnet

BB06

Campaign

1668492308

C2

49.175.72.56:443

81.229.117.95:2222

47.41.154.250:443

69.133.162.35:443

84.35.26.14:995

68.47.128.161:443

156.217.219.147:995

87.65.160.87:995

174.101.111.4:443

82.127.174.33:2222

91.169.12.198:32100

24.28.121.122:443

157.231.42.190:995

90.89.95.158:2222

74.33.84.227:443

24.64.114.59:2222

80.13.179.151:2222

64.207.237.118:443

24.206.27.39:443

170.253.25.35:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  CVSL53.img
- Size
  
  722KB
- MD5
  
  48560b2ad2ddbe481494687fb4982f1f
- SHA1
  
  a8b13b5164bcde3b2cf1d6bca140b130e06a2b1f
- SHA256
  
  7fb20a58594139dbbc336b804fea50557444cb1eb28cb3b03ca92bfb3d453b81
- SHA512
  
  059b641e8caef4dfca228ccade4cd01e7bb3b40878423f38565beaf2f1443229ec2835204920381845d1e21c70ba69401b060c080c2c6aae4dd618f1b6e1d038
- SSDEEP
  
  12288:6Yh/TGcg+w9KCKJdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H8:6Yh/TGckKCK30IAIQR3O7OjHHApc
Score

3^/10
behavioral1 behavioral2
- Target
  
  CV.vbs
- Size
  
  9KB
- MD5
  
  cf1bab825bcb71752c374e6263e3aca5
- SHA1
  
  5bdc61ddcaadb2ff92d0e63b53c84e195c1b2c55
- SHA256
  
  e4361dd0918b91dbd3f22c4a8559621311a7900e634d13b1aef4d852e61521b4
- SHA512
  
  ea4a7520ae962b8f6387f55c18891f8d96e08ca5ce97a2596164b7e1331a65389bac0dcd06da5556dfe389f34ff52caa0ce87a569b1a8eb87bbc04002224aa57
- SSDEEP
  
  192:mEWseSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:H041ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668492308 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  inducted/dupers.tmp
- Size
  
  624KB
- MD5
  
  d3b4bbe4053292bb32c95a2f00060f6e
- SHA1
  
  efffc10da0456606f0c412051b878a72d0de7331
- SHA256
  
  767f66dabbb02f98240d3c2235d288ad7ed0fa7529560811ee57859d050287b4
- SHA512
  
  37180e796b345c5ce307e4724b14150c2bc497c62a32db5c4d4e66d5fe59c2ea1b0dd84aba64eb01641ce249a94955dde58ae3bfaab75831763d34c2073a035d
- SSDEEP
  
  12288:i/TGcg+w9KCKJdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H:i/TGckKCK30IAIQR3O7OjHHAp
Score

10^/10

qakbot bb06 1668492308 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6