qakbot | 41217bc66fce02e1ca522b6894719dea8a7db86cd44e0ae9951934c47e62afdc

Sharing

Copy URL

Twitter E-mail

General

Target

YU10.img.zip
Size

539KB
Sample

221116-w4nknacd44
MD5

903250d2f5324ffc8503f0d8387748e8
SHA1

dc0d57a86f0b9f0c16c27785fcf855f4542c15f9
SHA256

41217bc66fce02e1ca522b6894719dea8a7db86cd44e0ae9951934c47e62afdc
SHA512

43ce870fabd7cfa3c0d54cec2dd6c03c7e91f1e7f1a97c0f4299551d4a3f76063a5631f15bfb143640352598f411d98241ac1ae3a338e5b7670084a8a3d7a4e8
SSDEEP

12288:RN3KbiFZTdw/TEEKUut86v7mOIIXakP4Sp07T+iwIyu1:P6bivTdQTvKtt8wplXafs0mbIt

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668610672

87.243.146.59:443

90.104.22.28:2222

200.93.14.206:2222

86.171.75.63:443

92.185.204.18:2078

86.225.214.138:2222

152.170.17.136:443

92.27.86.48:2222

76.80.180.154:995

71.31.101.183:443

91.254.215.167:443

73.22.121.210:443

87.202.101.164:50000

24.228.132.224:2222

70.121.198.103:2078

186.28.85.119:995

193.251.52.34:2222

98.211.64.94:443

172.117.139.142:995

70.51.153.72:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Extracted

Family

qakbot

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  SK.vbs
- Size
  
  9KB
- MD5
  
  59bb95ee8b343555de573a6c238576c1
- SHA1
  
  9cc33262614c7a5fc15f7e5c3a4bdba0313e835f
- SHA256
  
  8eda6785332238acc94712f9317cd8355919050419b047a11bf219d5075d4a4d
- SHA512
  
  d10311e3aa844def44e801bfa3e90b2e638720ef505228f71a0d31f23a2dc8c752e894205e7f35958eccb2a036856397e6c19d9387193784ec62df3f695b5aca
- SSDEEP
  
  192:JeSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:U41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  cushioned/jodhpurs.txt
- Size
  
  278KB
- MD5
  
  67a9edf9219e665027b0dba649351996
- SHA1
  
  b6fe3ffb41c22f5fd7ca4222b5f9e6f58ec727c3
- SHA256
  
  ff925ea578bb4ce63ff47ca46ae644d84cd771b657a696c7f1cdff77245ae0ba
- SHA512
  
  ef98a48bc7a449f570e82aa8ddc675c588425d5ee74b4f2b9b57bcabf63012bfa37e8864a52a4cf95b21a37492de009d211e10056e295dea67dd5b83fb974909
- SSDEEP
  
  6144:jigwnDbwqP6wbTRwJtO4RoTb6wSwlBKcwtSnwCODHH5GTDpSDOaeH2rzOatHCta5:RwvwJwRwJtO6wSw5wqwCODHHHOaeH2vV
Score

1^/10
behavioral3 behavioral4
- Target
  
  cushioned/slake.tmp
- Size
  
  528KB
- MD5
  
  73866a78e8fdb00336d819e23fb84258
- SHA1
  
  254bde4b70cae3ca4dfbdadccaf9d62bfa55c0b4
- SHA256
  
  3bc80944315e6d83de550ebabfd272c9c474b95eb47d48eabb1a4641e2141b29
- SHA512
  
  1f5ed5b71b6c5b05ebb284e242e78913ec97663fa49c53ef4fe8eb180a6955a51037b48c325fa4eed78b32be48e0fe084131b209a8d2b3d482d195ebbdd54606
- SSDEEP
  
  12288:Sx4YGJ7FVsr0DUESxWf9TQGWCIQ1HvhL3iL/wXLK:Sx4Yk7A4DUESxc9MuI4vhL3tX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  cushioned/vista.jpg
- Size
  
  115KB
- MD5
  
  f771fd8605859aa7d6280cab53d10f97
- SHA1
  
  1a80b950baeb0414d3127546ad3c39a4f7fe1324
- SHA256
  
  7a31114ee8d14a44219db8fa8ac86aeaba055bd14f4408a0ed398b6ee15f49cd
- SHA512
  
  420b0d8a2cd5505108e64ffb7b0628f8bfb070efa819345e8ae2a3ffc4c66c2678382031595d33ccd75baef17136e1214508ad75ebf42b33cd130faaf01819ab
- SSDEEP
  
  3072:Ycra7JI2gNjIB3HBuEsuNW7lBrKd+AZG9rOWC:ZrKJ9C8k2wlBrKdkrBC
Score

3^/10
behavioral7 behavioral8
- Target
  
  data.txt
- Size
  
  4B
- MD5
  
  d5aa073a3b23d7c09b6dd85845fe043c
- SHA1
  
  19d35896d71c77362a9fb93c29885bac45b2c9ba
- SHA256
  
  d8fe2b17e090515cc50d18b20ccd07f427d793819f45c95b93301968895c59d6
- SHA512
  
  173df5dcc5a7c4682a7d3ed4d5e4c6790653199cf9b1e9cb425ca5ab3bfef6ee84de40f3efdd250c90f47e17191af7feb391b18709b98cfe2666d521121d64be
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10