qakbot | d5ecfec09e9e72bb3aa188e7a912e4d8adefe3771070ac3d710f40bc4caa20bf

General

Target

CVBT39.img
Size

722KB
Sample

221116-rzmeksff8w
MD5

0bc1a3822c49c25944bd45ca89bd8aaf
SHA1

deba064c86baf56e47cea8218a96d50e042fc9ee
SHA256

d5ecfec09e9e72bb3aa188e7a912e4d8adefe3771070ac3d710f40bc4caa20bf
SHA512

064e1d1146f2a9b9ec9642503a5e8a24a3201da5fc95f5abd74282648bec887922ae00dfd8648662d109565ce771e0e82d685b0748e9ac2daf0a666c31ecca14
SSDEEP

12288:6Y5/TGcg+w9KC9JdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H8:6Y5/TGckKC930IAIQR3O7OjHHApc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.27

Botnet

BB06

Campaign

1668492308

C2

49.175.72.56:443

81.229.117.95:2222

47.41.154.250:443

69.133.162.35:443

84.35.26.14:995

68.47.128.161:443

156.217.219.147:995

87.65.160.87:995

174.101.111.4:443

82.127.174.33:2222

91.169.12.198:32100

24.28.121.122:443

157.231.42.190:995

90.89.95.158:2222

74.33.84.227:443

24.64.114.59:2222

80.13.179.151:2222

64.207.237.118:443

24.206.27.39:443

170.253.25.35:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  CVBT39.img
- Size
  
  722KB
- MD5
  
  0bc1a3822c49c25944bd45ca89bd8aaf
- SHA1
  
  deba064c86baf56e47cea8218a96d50e042fc9ee
- SHA256
  
  d5ecfec09e9e72bb3aa188e7a912e4d8adefe3771070ac3d710f40bc4caa20bf
- SHA512
  
  064e1d1146f2a9b9ec9642503a5e8a24a3201da5fc95f5abd74282648bec887922ae00dfd8648662d109565ce771e0e82d685b0748e9ac2daf0a666c31ecca14
- SSDEEP
  
  12288:6Y5/TGcg+w9KC9JdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H8:6Y5/TGckKC930IAIQR3O7OjHHApc
Score

3^/10
behavioral1 behavioral2
- Target
  
  CV.vbs
- Size
  
  9KB
- MD5
  
  01cf2f3f39996a6b482f47d4ac83b1a3
- SHA1
  
  04a07d36b4ccceb66a4bd9a97784b4d5c2aa6623
- SHA256
  
  d58ee7c99b20d9ed1178aa43248ea00e24d25fbe793fc6f3e01bbc22b35808d7
- SHA512
  
  e47b12fe9005060dee9de9eed68e451e62cdfa079c656280b5fead1dce6e8d24a8b68c8c210d39ccb4539a04364c6644e5fa306965d6b15eb2519fb491b68f59
- SSDEEP
  
  192:mEWGeSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:Hm41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668492308 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  inducted/imperceptive.tmp
- Size
  
  624KB
- MD5
  
  215a07d8a4b31230109aae16357cf1be
- SHA1
  
  6b7bde972267c94afc5386f95da04f9aa417bac2
- SHA256
  
  ebc308a7cc99d76748e71c3bfde6aa1f72ca36bd395884e10cafa00c4f884417
- SHA512
  
  7116b414e0a4871f7a0d7389f62dc688554043c2751e6c48c2ef8e534dbe55a710a186ff6a67f457d3d100f013940542cc86607683988fda4b863de9aabffb28
- SSDEEP
  
  12288:i/TGcg+w9KC9JdcvXumiT3QOrT8Rk0zvInbiPCw18al1USuSZxHHTkG/8H:i/TGckKC930IAIQR3O7OjHHAp
Score

10^/10

qakbot bb06 1668492308 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6