qakbot | 03666aa634cab42b5f474d0bae5d5002f200caea398e2a5522fb495656be86e3

General

Target

ZF57.img
Size

970KB
Sample

221117-1ahjrsfh43
MD5

97c68838983f4c3281b64a90b556d4a8
SHA1

c53d68744aca857499be1d18e88d7264fe80f610
SHA256

03666aa634cab42b5f474d0bae5d5002f200caea398e2a5522fb495656be86e3
SHA512

45af7b30d8691a88cc42f7edeb106735dc17ffd32833f9fcf806fc7d740d80bdc3c5da0b61b7f45ba6b4e4b8ac2cdee83a44a1b475f6a5f14e2c5735fc78d562
SSDEEP

12288:Ko0KwnONVvoo6F+DfZxL4+Dir8lkQ5z4hb9mKFX4GfOs5VBNYRbWAUWWvoYPiwBP:Ko0Kw9o6F+DRt4Tr8lkBhRp2QOU

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668670510

C2

86.225.214.138:2222

71.183.236.133:443

182.66.197.35:443

70.66.199.12:443

76.80.180.154:995

180.151.104.143:443

92.149.205.238:2222

83.110.223.247:443

183.87.31.34:443

105.103.50.1:990

103.141.50.117:995

105.103.50.1:465

105.103.50.1:22

86.130.9.167:2222

86.99.15.243:2222

90.104.22.28:2222

172.117.139.142:995

176.142.207.63:443

142.161.27.232:2222

71.247.10.63:50003

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  ZF57.img
- Size
  
  970KB
- MD5
  
  97c68838983f4c3281b64a90b556d4a8
- SHA1
  
  c53d68744aca857499be1d18e88d7264fe80f610
- SHA256
  
  03666aa634cab42b5f474d0bae5d5002f200caea398e2a5522fb495656be86e3
- SHA512
  
  45af7b30d8691a88cc42f7edeb106735dc17ffd32833f9fcf806fc7d740d80bdc3c5da0b61b7f45ba6b4e4b8ac2cdee83a44a1b475f6a5f14e2c5735fc78d562
- SSDEEP
  
  12288:Ko0KwnONVvoo6F+DfZxL4+Dir8lkQ5z4hb9mKFX4GfOs5VBNYRbWAUWWvoYPiwBP:Ko0Kw9o6F+DRt4Tr8lkBhRp2QOU
Score

3^/10
behavioral1 behavioral2
- Target
  
  WW.js
- Size
  
  9KB
- MD5
  
  2260be0289c101f6e3a8281a8a9c83f3
- SHA1
  
  b8ef87568cf57c566ab759028b7ae6ae0eb9d5fc
- SHA256
  
  4d5583dd744b5bbafea616ccc16fa410cf7c2d68c07f43e456c2ee7d02ac4603
- SHA512
  
  5eee1209ed71751a089548ba1f2f9f96427bfa7ffc00daabff2a8aa79974ebe20ed1e326d6fe9d59c47259230fd37242e136f1215475f7ff5ad31975b2478353
- SSDEEP
  
  192:cSLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:LVq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  animators/surpluses.tmp
- Size
  
  835KB
- MD5
  
  72634ea3cd273c8cfd88e4174efcdd78
- SHA1
  
  9ad09c2394defc9e5c12826266a27b61305dad0c
- SHA256
  
  5b90d7023bc0180132bae8d5b901f49ae8077684779fa5a8d4b2d07d9f320230
- SHA512
  
  f9271b46ed76aec7b540f1336b218d600505bcc567a6fd5e4404b94bd6363d95af2af4787752725d1bdd9900fd232c1e6f9ed2cf99a2d111a0958e913ac9da34
- SSDEEP
  
  12288:T6F+DfZxL4+Dir8lkQ5z4hb9mKFX4GfOs5VBNYRbWAUWWvoYPiwBP:T6F+DRt4Tr8lkBhRp2QOU
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6