qakbot | 0260eb4bc99fb08542f0f8e7725a4a22ff64fe2dcb793747699c95a807d2b6ab

General

Target

JG26.img
Size

970KB
Sample

221117-1ty1vsga22
MD5

873961ada0ec8120be8caaa56afef082
SHA1

af56ba15101e314d7bd87ea6217d04c1ab561036
SHA256

0260eb4bc99fb08542f0f8e7725a4a22ff64fe2dcb793747699c95a807d2b6ab
SHA512

c23e626784cc21738c93aa8a3cdaaa277ece4d829a2d76392fd1a95ec56b3f7e5fe9eef53b70e05ea83a39758974122ca9d12de7d8404360c9ff76f16ea27436
SSDEEP

12288:To96F+DfZxL4+Dir8lkQ5z4hbFmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:To96F+DRt4Tr8lkBhRp2QOUDKw9

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668670510

C2

86.225.214.138:2222

71.183.236.133:443

182.66.197.35:443

70.66.199.12:443

76.80.180.154:995

180.151.104.143:443

92.149.205.238:2222

83.110.223.247:443

183.87.31.34:443

105.103.50.1:990

103.141.50.117:995

105.103.50.1:465

105.103.50.1:22

86.130.9.167:2222

86.99.15.243:2222

90.104.22.28:2222

172.117.139.142:995

176.142.207.63:443

142.161.27.232:2222

71.247.10.63:50003

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  JG26.img
- Size
  
  970KB
- MD5
  
  873961ada0ec8120be8caaa56afef082
- SHA1
  
  af56ba15101e314d7bd87ea6217d04c1ab561036
- SHA256
  
  0260eb4bc99fb08542f0f8e7725a4a22ff64fe2dcb793747699c95a807d2b6ab
- SHA512
  
  c23e626784cc21738c93aa8a3cdaaa277ece4d829a2d76392fd1a95ec56b3f7e5fe9eef53b70e05ea83a39758974122ca9d12de7d8404360c9ff76f16ea27436
- SSDEEP
  
  12288:To96F+DfZxL4+Dir8lkQ5z4hbFmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:To96F+DRt4Tr8lkBhRp2QOUDKw9
Score

3^/10
behavioral1 behavioral2
- Target
  
  WW.js
- Size
  
  9KB
- MD5
  
  c40116fa79f8fdad8945fae0f3a650b8
- SHA1
  
  d6454c49ce5c43b61f7f595a9ece90b60d3518a2
- SHA256
  
  033a5b879b9e31ddea594cbfa1844d5311f1e00b5e143b3ca8cde752bea176e3
- SHA512
  
  400eb7fd6dbfac7dae68b20628211684968074a2ddc9ba47cf6d6ca716e6c04fc9c14fa13c791416a399ac608bddee25c46eb91ef3da33b90b3147954eae7197
- SSDEEP
  
  192:MSLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:bVq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  animators/breakables.tmp
- Size
  
  835KB
- MD5
  
  4463dab59e9e0e5d5cc1b5c0a7bb3ca7
- SHA1
  
  adfa14a7ec560395c3271d05c452582f7c10de1a
- SHA256
  
  88bb80226f8427b7b2704141012d6a4aea31262596ab0ce35f1e4638c8a10e72
- SHA512
  
  ad5080ca98d07ce321c3056090f9881a0dcac763d9f97e70a12d2adb262f3cf230e713a819cfe3fcedeb6201d55d3ba215f3f9a67cfff3ea00cc40123a5d0c1d
- SSDEEP
  
  12288:T6F+DfZxL4+Dir8lkQ5z4hbFmKFX4GfOs5VBNYRbWAUWWvoYPiwBP:T6F+DRt4Tr8lkBhRp2QOU
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6