qakbot | 07ca6bef6ca567c4fb982a5dfc5c3f7aa1ec86b406401b6b01a344cbeb7089e6

General

Target

EW61.img
Size

970KB
Sample

221117-31qdeacb5s
MD5

56b0aa615092e5ebc9fde96d4e07350e
SHA1

27f9a601fd991c08351b19c148bc339bde51d145
SHA256

07ca6bef6ca567c4fb982a5dfc5c3f7aa1ec86b406401b6b01a344cbeb7089e6
SHA512

81dcc18bbdceb0ba8c45969706f8a00ca383f48c2abfc612e58035cdb2278daabf8971c1d32d1a32a5592fa79947a7ca562cde9d44970c648a7865f2fe56a3ac
SSDEEP

12288:yoeKwnON76F+DfZxL4+Dir8lkQ5z4hbrmKFX4GfOs5VBNYRbWAUWWvoYPiwBP2vo:yoeKwW6F+DRt4Tr8lkBh/p2QOUZ

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668670510

C2

86.225.214.138:2222

71.183.236.133:443

182.66.197.35:443

70.66.199.12:443

76.80.180.154:995

180.151.104.143:443

92.149.205.238:2222

83.110.223.247:443

183.87.31.34:443

105.103.50.1:990

103.141.50.117:995

105.103.50.1:465

105.103.50.1:22

86.130.9.167:2222

86.99.15.243:2222

90.104.22.28:2222

172.117.139.142:995

176.142.207.63:443

142.161.27.232:2222

71.247.10.63:50003

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  EW61.img
- Size
  
  970KB
- MD5
  
  56b0aa615092e5ebc9fde96d4e07350e
- SHA1
  
  27f9a601fd991c08351b19c148bc339bde51d145
- SHA256
  
  07ca6bef6ca567c4fb982a5dfc5c3f7aa1ec86b406401b6b01a344cbeb7089e6
- SHA512
  
  81dcc18bbdceb0ba8c45969706f8a00ca383f48c2abfc612e58035cdb2278daabf8971c1d32d1a32a5592fa79947a7ca562cde9d44970c648a7865f2fe56a3ac
- SSDEEP
  
  12288:yoeKwnON76F+DfZxL4+Dir8lkQ5z4hbrmKFX4GfOs5VBNYRbWAUWWvoYPiwBP2vo:yoeKwW6F+DRt4Tr8lkBh/p2QOUZ
Score

3^/10
behavioral1 behavioral2
- Target
  
  WW.js
- Size
  
  9KB
- MD5
  
  e392f7722d1015fd5773e7548d66cb83
- SHA1
  
  336a732a8b5082258571c31a5ef3e74933e8a0dd
- SHA256
  
  fd7edcb74cf0d5c944317e55af88800227223611cf76ecaacb670a0fedf83e7e
- SHA512
  
  a4e8f1860aa2ccaf3943586d0708560f4c1d40b47ef3453237a8577ec753ba49d15fa92e9ccd43323da46cc13e2ed940eabbc1c1cfa2f1ea0a72e38c5c98ead5
- SSDEEP
  
  192:kSLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:zVq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  animators/simultaneity.tmp
- Size
  
  835KB
- MD5
  
  6567d11730bd674e72b263696e858f44
- SHA1
  
  ddaf6593c4eb1cc0c99521d7ab36f0ddeffd70a8
- SHA256
  
  2b03529881c7b827668fa6194777edd6d856718f97bb04ca412c94d092135038
- SHA512
  
  8a10be07d1620a2f8c6c9d42fe9b4f42e3f1848f3bab893bd7d9e5d6978f49baf90a2050dfb0b188a7e3100329ce83547b67fe73e00f43be3c41e5aee126ef8c
- SSDEEP
  
  12288:T6F+DfZxL4+Dir8lkQ5z4hbrmKFX4GfOs5VBNYRbWAUWWvoYPiwBP:T6F+DRt4Tr8lkBh/p2QOU
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6