qakbot | 0683830c1e77a33ee4d92109770cbaca0a7af5ff46aabc2e840d55a1e90c5b2d

General

Target

FE95.img
Size

996KB
Sample

221116-2h7z3ahb9w
MD5

1008647a6a70e1df84bf8925a3029994
SHA1

93baf5dfdaeb8d877faff27b7307c448e23b6986
SHA256

0683830c1e77a33ee4d92109770cbaca0a7af5ff46aabc2e840d55a1e90c5b2d
SHA512

4af9e1368bc402ef42c46a324677fecadb875b56694f24f355b44a71d7fd59d4e1fbe74865650d6466e0b8ee1078597f200fa27564ee39450b0a380ca4644ee3
SSDEEP

24576:MY6wvwJwRwJZwSw5wqwfHH8H2HHLwRx4Yk7A4DUESxl9MuI4vhL3tXC2Hk:KwvwJwRwJZwSw5wqwfHH8H2HHLwRuY0E

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668610672

C2

87.243.146.59:443

90.104.22.28:2222

200.93.14.206:2222

86.171.75.63:443

92.185.204.18:2078

86.225.214.138:2222

152.170.17.136:443

92.27.86.48:2222

76.80.180.154:995

71.31.101.183:443

91.254.215.167:443

73.22.121.210:443

87.202.101.164:50000

24.228.132.224:2222

70.121.198.103:2078

186.28.85.119:995

193.251.52.34:2222

98.211.64.94:443

172.117.139.142:995

70.51.153.72:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  FE95.img
- Size
  
  996KB
- MD5
  
  1008647a6a70e1df84bf8925a3029994
- SHA1
  
  93baf5dfdaeb8d877faff27b7307c448e23b6986
- SHA256
  
  0683830c1e77a33ee4d92109770cbaca0a7af5ff46aabc2e840d55a1e90c5b2d
- SHA512
  
  4af9e1368bc402ef42c46a324677fecadb875b56694f24f355b44a71d7fd59d4e1fbe74865650d6466e0b8ee1078597f200fa27564ee39450b0a380ca4644ee3
- SSDEEP
  
  24576:MY6wvwJwRwJZwSw5wqwfHH8H2HHLwRx4Yk7A4DUESxl9MuI4vhL3tXC2Hk:KwvwJwRwJZwSw5wqwfHH8H2HHLwRuY0E
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.vbs
- Size
  
  9KB
- MD5
  
  4e77562ceed5739c18e9c8785a5f83fd
- SHA1
  
  b38364091ab800c8db2b5a9fd407f07c6b38fc1a
- SHA256
  
  7c7a88f9b7f8f8a2fbe8a102d9f0b9f68efd5784919ac321906cf2c7ce907da0
- SHA512
  
  a771d51da9c865fcbd94282f4d479f614fd055740a62f53a471dc388d70793fb7328d442acb74188f93514f0ff721a39d19d271fd7647bf84d88fbe13737e539
- SSDEEP
  
  192:AeSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:r41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  cushioned/neatness.tmp
- Size
  
  528KB
- MD5
  
  ed5c3568a248609f9c2c5402181d88f9
- SHA1
  
  448fa83e6b3fe303c83e39f0e0af4ec93baa1ab5
- SHA256
  
  350811db5118a027c1e92e757c7ca0b60c016c522d9eae049b886345f23a5ca4
- SHA512
  
  c208c87b93dc33513012f83f961eadeea21a772d135f132dcb6c7bc28fe494bbc15567865b94cb5c1724a25b78ed8db21b0abac976e83386456e8c502040837b
- SSDEEP
  
  12288:Sx4YGJ7FVsr0DUESxZf9TQGWCIQ1HvhL3iL/wXLK:Sx4Yk7A4DUESxl9MuI4vhL3tX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6