qakbot | ea64bba77296ccdd5522c8c70186b962425239c98b77dc1bcbb7f66530ba9703

General

Target

CVUO05.img
Size

722KB
Sample

221116-a3gj3ace2v
MD5

d9e7ba5bf8b8d43cd61c6bcaf53bcc77
SHA1

eb215ad50be152723eea669c5230ab8688e1edd8
SHA256

ea64bba77296ccdd5522c8c70186b962425239c98b77dc1bcbb7f66530ba9703
SHA512

146fc4334812d8a4378d10ba70ccbc1b9584422a0eedff0562b85a223fbd1cb579169c2a4a3df5b494262ecb1a8727451b3503e9550713ff8f0c407098e17756
SSDEEP

12288:mY5/TGcg+w9KCyJdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H8:mY5/TGckKCy30IAIQR3O7OjHHApc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.27

Botnet

BB06

Campaign

1668492308

C2

49.175.72.56:443

81.229.117.95:2222

47.41.154.250:443

69.133.162.35:443

84.35.26.14:995

68.47.128.161:443

156.217.219.147:995

87.65.160.87:995

174.101.111.4:443

82.127.174.33:2222

91.169.12.198:32100

24.28.121.122:443

157.231.42.190:995

90.89.95.158:2222

74.33.84.227:443

24.64.114.59:2222

80.13.179.151:2222

64.207.237.118:443

24.206.27.39:443

170.253.25.35:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  CVUO05.img
- Size
  
  722KB
- MD5
  
  d9e7ba5bf8b8d43cd61c6bcaf53bcc77
- SHA1
  
  eb215ad50be152723eea669c5230ab8688e1edd8
- SHA256
  
  ea64bba77296ccdd5522c8c70186b962425239c98b77dc1bcbb7f66530ba9703
- SHA512
  
  146fc4334812d8a4378d10ba70ccbc1b9584422a0eedff0562b85a223fbd1cb579169c2a4a3df5b494262ecb1a8727451b3503e9550713ff8f0c407098e17756
- SSDEEP
  
  12288:mY5/TGcg+w9KCyJdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H8:mY5/TGckKCy30IAIQR3O7OjHHApc
Score

3^/10
behavioral1 behavioral2
- Target
  
  CV.vbs
- Size
  
  9KB
- MD5
  
  9fce32684f6693aa2215a587cb7e98a8
- SHA1
  
  e761a29b3f36da8b629a4f2f3f9fced8443f6b93
- SHA256
  
  3cbd7b0f45e7247334f8f4076aba571cbc4f364cbf336721dc60fef9e8814eef
- SHA512
  
  fd11b0ba3b3b827dd03465a78c468896d1294a1023292a1f1731103e33d2b4bc43cd78eee9b0d3377d8a46c0e69928bc123eadf0d5c9f0be78053848f795de47
- SSDEEP
  
  192:mEWHeSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:HZ41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668492308 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  inducted/dialectician.tmp
- Size
  
  624KB
- MD5
  
  61cb51a3422ad88774ec78dc24a2bcae
- SHA1
  
  349a2830a85c2dead6086af220095240ac25b504
- SHA256
  
  abfc28ce48d181c493f9c06840d2a0f133279cd224f0904a658b9fdda0db574e
- SHA512
  
  b1e5cd2906187260853ed88daab2de1d18d15ac87e4a6b1f8ddffcf2ad26b1610af7b67ccaa09bd2efab995fdc62d56c025306700686952fec23cff7ee4c4f0e
- SSDEEP
  
  12288:i/TGcg+w9KCyJdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H:i/TGckKCy30IAIQR3O7OjHHAp
Score

10^/10

qakbot bb06 1668492308 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6