qakbot | 8302aaa90f7757bb976115ea74c068ff3e699b08fd22526ab705c5c8bcdc155c

General

Target

CU20.img
Size

996KB
Sample

221116-2tr3zsdc49
MD5

2a76c3791469f0659a1d9c81ea3fda16
SHA1

622903509a4d8a90be943c33d9bcc73d943d3b0c
SHA256

8302aaa90f7757bb976115ea74c068ff3e699b08fd22526ab705c5c8bcdc155c
SHA512

9b74eaa3d60f9f6d626e0a312ee1a51f521472ee3490dd6165153f4481a203897cac06d7f884e7ec583e40f754da8723996116b26a2821ac6a4e91fbd645c69e
SSDEEP

24576:GYowvwJwRwJZwSw5wqwfHH8H2HHLwRx4Yk7A4DUESxg9MuI4vhL3tXC2Hk:WwvwJwRwJZwSw5wqwfHH8H2HHLwRuY09

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668610672

C2

87.243.146.59:443

90.104.22.28:2222

200.93.14.206:2222

86.171.75.63:443

92.185.204.18:2078

86.225.214.138:2222

152.170.17.136:443

92.27.86.48:2222

76.80.180.154:995

71.31.101.183:443

91.254.215.167:443

73.22.121.210:443

87.202.101.164:50000

24.228.132.224:2222

70.121.198.103:2078

186.28.85.119:995

193.251.52.34:2222

98.211.64.94:443

172.117.139.142:995

70.51.153.72:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Extracted

Family

qakbot

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  CU20.img
- Size
  
  996KB
- MD5
  
  2a76c3791469f0659a1d9c81ea3fda16
- SHA1
  
  622903509a4d8a90be943c33d9bcc73d943d3b0c
- SHA256
  
  8302aaa90f7757bb976115ea74c068ff3e699b08fd22526ab705c5c8bcdc155c
- SHA512
  
  9b74eaa3d60f9f6d626e0a312ee1a51f521472ee3490dd6165153f4481a203897cac06d7f884e7ec583e40f754da8723996116b26a2821ac6a4e91fbd645c69e
- SSDEEP
  
  24576:GYowvwJwRwJZwSw5wqwfHH8H2HHLwRx4Yk7A4DUESxg9MuI4vhL3tXC2Hk:WwvwJwRwJZwSw5wqwfHH8H2HHLwRuY09
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.vbs
- Size
  
  9KB
- MD5
  
  d5bf775d62b7e0bda40f2ed5e0b326dd
- SHA1
  
  74059fed2720460be38fd469a7e836bf387089aa
- SHA256
  
  2b4e0b0f79f314eed6bac0f39537361326eb93c4bfcda6f106035fa3ad367e3f
- SHA512
  
  e8a2362ddfb6d8861382b4abb929f0a70421497d8cf93767b720125f42c3b21732c5ee28886acee69404d8c2ca18c666b859253197d718ccc812e46558f866c1
- SSDEEP
  
  192:feSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:241ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  cushioned/pamphlets.tmp
- Size
  
  528KB
- MD5
  
  9a915c93b17147c6dbc4282aa98d5528
- SHA1
  
  f06c862474781d70490b09f28127c0b243a51cca
- SHA256
  
  c1478e7e07c24ca5543d31291ffd7f19c44f46da2e95fc068aaa19742130f9d3
- SHA512
  
  f4a2d44d365db604690c5c18b6d1d016a89a8d6d9969b16ec73bb118e66fd0993a3d2b5c8b72f5c6221bbd7241c7cfa0a1073dd24162e0579055652ff4f06f12
- SSDEEP
  
  12288:Sx4YGJ7FVsr0DUESxaf9TQGWCIQ1HvhL3iL/wXLK:Sx4Yk7A4DUESxg9MuI4vhL3tX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6