qakbot | 49cae57a7ece00af7ea93c38b031d90d45c103d5ff1de1d205f23437e2a04e27

General

Target

MI41.img
Size

996KB
Sample

221116-3c8j3shc5w
MD5

2bd47a3018960d9438e41a85221c304f
SHA1

9e21727a38a93e72ea808f2effbc1f91916ecd8c
SHA256

49cae57a7ece00af7ea93c38b031d90d45c103d5ff1de1d205f23437e2a04e27
SHA512

03a1bc728b488a1ec6ef227ba0ecedc90f7b4411f96772654ec96f45bf528cc2fe21a3b845cb793e91844030d6a539a4a2e6e4f9a442000f5df15aba198d6776
SSDEEP

24576:RYFx4Yk7A4DUESxc9MuI4vhL3tXwwvwJwRwJZwSw5wqwfHH8H2HHLwu2Hk:0uY0ArHRT4vJ3tXwwvwJwRwJZwSw5wqj

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668610672

C2

87.243.146.59:443

90.104.22.28:2222

200.93.14.206:2222

86.171.75.63:443

92.185.204.18:2078

86.225.214.138:2222

152.170.17.136:443

92.27.86.48:2222

76.80.180.154:995

71.31.101.183:443

91.254.215.167:443

73.22.121.210:443

87.202.101.164:50000

24.228.132.224:2222

70.121.198.103:2078

186.28.85.119:995

193.251.52.34:2222

98.211.64.94:443

172.117.139.142:995

70.51.153.72:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Extracted

Family

qakbot

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  MI41.img
- Size
  
  996KB
- MD5
  
  2bd47a3018960d9438e41a85221c304f
- SHA1
  
  9e21727a38a93e72ea808f2effbc1f91916ecd8c
- SHA256
  
  49cae57a7ece00af7ea93c38b031d90d45c103d5ff1de1d205f23437e2a04e27
- SHA512
  
  03a1bc728b488a1ec6ef227ba0ecedc90f7b4411f96772654ec96f45bf528cc2fe21a3b845cb793e91844030d6a539a4a2e6e4f9a442000f5df15aba198d6776
- SSDEEP
  
  24576:RYFx4Yk7A4DUESxc9MuI4vhL3tXwwvwJwRwJZwSw5wqwfHH8H2HHLwu2Hk:0uY0ArHRT4vJ3tXwwvwJwRwJZwSw5wqj
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.vbs
- Size
  
  9KB
- MD5
  
  6787a2ba6ef6533217c12be4d47664a5
- SHA1
  
  fb60b25034fb5e5c6519cc7dc139244219079ef2
- SHA256
  
  36bba8cb6094bb2411a3db3933e5f7ecac9ffa862d58b76969c5a368e9f1e1e0
- SHA512
  
  d2f45d1be24e3c87fe079cf98c7b39a5934c16c150b2e0486f7c1712310c51752972280d00e62469b6298ff37c18a34bd1a15ec72e2b6bfaaf81c0c1ade34113
- SSDEEP
  
  192:bQeSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:bb41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  cushioned/diadems.tmp
- Size
  
  528KB
- MD5
  
  19f2fa7e88b2d6d78d7112dfe626735a
- SHA1
  
  451beed71c23785a2a09df0cded7c4a5c244f4a6
- SHA256
  
  4e5ef0aad953ba210a117dba22f36ba069ce07b07b01b120111324b239a2070d
- SHA512
  
  724175f5cc92af2a08b17cace63eec38f96c8712caa8eef72fe7ccff81382dd769c6a005135acf6fedb34744fcdbeddba7820ba23829fff28750a29fdee2d550
- SSDEEP
  
  12288:Sx4YGJ7FVsr0DUESxWf9TQGWCIQ1HvhL3iL/wXLK:Sx4Yk7A4DUESxc9MuI4vhL3tX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6