qakbot | adf34d14038038ba873c7a682b81fdea8bfee750bb79baff418395eff1f43dd8

General

Target

ID37.img
Size

970KB
Sample

221117-3gcm7sgb85
MD5

ce217cdd7c22441a909229797783c29b
SHA1

1a38d960944c47023904553e1a19c606cf8dab43
SHA256

adf34d14038038ba873c7a682b81fdea8bfee750bb79baff418395eff1f43dd8
SHA512

0336d1f57b4879bf964a5c1174768c303d498610dd7fa99d4974dc0b1d9bda898b8bc09a02805cded8504dcc6b8e03724ada76fdb448b4b518787969b2a837ae
SSDEEP

12288:jouKwnON76F+DfZxL4+Dir8lkQ5z4hbimKFX4GfOs5VBNYRbWAUWWvoYPiwBP2vo:jouKwW6F+DRt4Tr8lkBhOp2QOUZ

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668670510

C2

86.225.214.138:2222

71.183.236.133:443

182.66.197.35:443

70.66.199.12:443

76.80.180.154:995

180.151.104.143:443

92.149.205.238:2222

83.110.223.247:443

183.87.31.34:443

105.103.50.1:990

103.141.50.117:995

105.103.50.1:465

105.103.50.1:22

86.130.9.167:2222

86.99.15.243:2222

90.104.22.28:2222

172.117.139.142:995

176.142.207.63:443

142.161.27.232:2222

71.247.10.63:50003

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  ID37.img
- Size
  
  970KB
- MD5
  
  ce217cdd7c22441a909229797783c29b
- SHA1
  
  1a38d960944c47023904553e1a19c606cf8dab43
- SHA256
  
  adf34d14038038ba873c7a682b81fdea8bfee750bb79baff418395eff1f43dd8
- SHA512
  
  0336d1f57b4879bf964a5c1174768c303d498610dd7fa99d4974dc0b1d9bda898b8bc09a02805cded8504dcc6b8e03724ada76fdb448b4b518787969b2a837ae
- SSDEEP
  
  12288:jouKwnON76F+DfZxL4+Dir8lkQ5z4hbimKFX4GfOs5VBNYRbWAUWWvoYPiwBP2vo:jouKwW6F+DRt4Tr8lkBhOp2QOUZ
Score

3^/10
behavioral1 behavioral2
- Target
  
  WW.js
- Size
  
  9KB
- MD5
  
  70ab09e42365094a527754f013078ff2
- SHA1
  
  a0b588a1d6aa22c3ea0e09fc18ccacbceeffa991
- SHA256
  
  442fd80af3b26e77595a98b53b23885e355274254ad06fee70d9a9e0af22925c
- SHA512
  
  e3c40d5393f2e80a44839aea4a4764059ac3a0910f8f87b04a2c5248a391e7d20b5cfe38fdb3e03a6e4c5cf9f91803402508c97dbe1cc404f229b9cd497e4231
- SSDEEP
  
  192:+SLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:5Vq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  animators/partisan.tmp
- Size
  
  835KB
- MD5
  
  eafb22a4598f43b5f958484ebc931e37
- SHA1
  
  4469e019ed347b4577964ed92b6fbb46ebda62b2
- SHA256
  
  54c60685e57588c0822225cb6553f5a3df3d32f65aa8cf0f1baeb21787ed7485
- SHA512
  
  a12b463fd74a196a417d607a12732b8007ab54b18f1ce3e33514992d9a75af4c843224c2326018609a83a40ca296a2dc4fc3bf09a3f1533858a4b38209ed9ee5
- SSDEEP
  
  12288:T6F+DfZxL4+Dir8lkQ5z4hbimKFX4GfOs5VBNYRbWAUWWvoYPiwBP:T6F+DRt4Tr8lkBhOp2QOU
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6