qakbot | db80bce5f60b0c1aa03037237433b9afacba7a114875b3908afedaebecb60bd1

General

Target

EC59.zip
Size

539KB
Sample

221116-wlej2agc3w
MD5

3c6ba9a7f027b4ed21eb1a21be72fe62
SHA1

c8837a77cdd0daa109b10eec0b21939a4b0c0f4d
SHA256

db80bce5f60b0c1aa03037237433b9afacba7a114875b3908afedaebecb60bd1
SHA512

94a2e09a781562c343591bb14c4baf944931fa1fafffeac108a87e38c2f6874655fde69b1ed4db5dc657df897931d4faebaa6c16b1721e7fa3bacf43ae1b296e
SSDEEP

12288:2Fp32MBofRne0wYEcnW4w/VvgDH8C69eZiQoO+Aq28Dvr/IeQsrXpf/tn2t3:PLpe2EcW3vgDH8zMiQceM7IeQaZfZ2t3

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668610672

C2

87.243.146.59:443

90.104.22.28:2222

200.93.14.206:2222

86.171.75.63:443

92.185.204.18:2078

86.225.214.138:2222

152.170.17.136:443

92.27.86.48:2222

76.80.180.154:995

71.31.101.183:443

91.254.215.167:443

73.22.121.210:443

87.202.101.164:50000

24.228.132.224:2222

70.121.198.103:2078

186.28.85.119:995

193.251.52.34:2222

98.211.64.94:443

172.117.139.142:995

70.51.153.72:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Extracted

Family

qakbot

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  SK.vbs
- Size
  
  9KB
- MD5
  
  09b217ebf0d108db7aba18c032bfd4b6
- SHA1
  
  162c140bd1abdc19dca91afe59251868efae9d60
- SHA256
  
  8562911800d6ae26b435c18fb217eba6a50fe7e93db49362c343ca522009e00d
- SHA512
  
  06a148cfbd7998e467301eeeefcd162f255d83707a452d58820b910d0667f4f86c71a8ed6f27b9e0a4b6e99452b8c02a3229971c67d344046dad5d6b11409e5d
- SSDEEP
  
  192:teSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:g41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  cushioned/subsidized.tmp
- Size
  
  528KB
- MD5
  
  49f7cc6de9d7f780ba451cf87d7be0a4
- SHA1
  
  b44e95c77c6a21d473d0a9d1e4dbec4e5874c848
- SHA256
  
  40d050f531b57ebeef82d047638bd11795b203ac9132ff9203d1096843f68e44
- SHA512
  
  adfa0a0853245ede9b7fa2a1eca63fc537404b9bb9d2cc24d171f18932ae1fb8ca6a199cef3d4166550a41fd4c254f2ee501f6d29f9ffc284624996b6332c7e0
- SSDEEP
  
  12288:Sx4YGJ7FVsr0DUESxmf9TQGWCIQ1HvhL3iL/wXLK:Sx4Yk7A4DUESxs9MuI4vhL3tX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4