qakbot | 1590ffeabb381c2ac3bb5d03e3f2079382031776317d78580b066bcde3f75cde

General

Target

DI45.img
Size

996KB
Sample

221117-a9d3hsdd67
MD5

0f088acd4abfa3a4815b9e2353dad31f
SHA1

d2d75756bf05e750c7bb8fedef371b0226ca9e08
SHA256

1590ffeabb381c2ac3bb5d03e3f2079382031776317d78580b066bcde3f75cde
SHA512

c5a52c2ffa7832b600b251969b9a9056258bdbded6516fc5d6b35abc2a3abf1d01c8643071cef43f8d95b04098b1443bfe75aa17fa9e69f1a28ac01936504be1
SSDEEP

24576:cYKwvwJwRwJZwSw5wqwfHH8H2HHLwRx4Yk7A4DUESxv9MuI4vhL3tXC2Hk:KwvwJwRwJZwSw5wqwfHH8H2HHLwRuY0O

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668610672

C2

87.243.146.59:443

90.104.22.28:2222

200.93.14.206:2222

86.171.75.63:443

92.185.204.18:2078

86.225.214.138:2222

152.170.17.136:443

92.27.86.48:2222

76.80.180.154:995

71.31.101.183:443

91.254.215.167:443

73.22.121.210:443

87.202.101.164:50000

24.228.132.224:2222

70.121.198.103:2078

186.28.85.119:995

193.251.52.34:2222

98.211.64.94:443

172.117.139.142:995

70.51.153.72:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  DI45.img
- Size
  
  996KB
- MD5
  
  0f088acd4abfa3a4815b9e2353dad31f
- SHA1
  
  d2d75756bf05e750c7bb8fedef371b0226ca9e08
- SHA256
  
  1590ffeabb381c2ac3bb5d03e3f2079382031776317d78580b066bcde3f75cde
- SHA512
  
  c5a52c2ffa7832b600b251969b9a9056258bdbded6516fc5d6b35abc2a3abf1d01c8643071cef43f8d95b04098b1443bfe75aa17fa9e69f1a28ac01936504be1
- SSDEEP
  
  24576:cYKwvwJwRwJZwSw5wqwfHH8H2HHLwRx4Yk7A4DUESxv9MuI4vhL3tXC2Hk:KwvwJwRwJZwSw5wqwfHH8H2HHLwRuY0O
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.vbs
- Size
  
  9KB
- MD5
  
  27422194109068014275bcfd85e70549
- SHA1
  
  f7b5277b8bd94a0ea3f209f4a989d38493c63b1c
- SHA256
  
  c27c8a59d9384fe67d5b92388e20c04f27e8a1fb17ffff5248bc29e0852ccb7e
- SHA512
  
  e99b03d4dc2cac61ab482bec4b6d28d2e66f9f417bdf507a2a43a8d5214dfa1baaa60af144a807ac8f08bc493d4470c95faba242882de77b1532db860c5bb7c9
- SSDEEP
  
  192:WeSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:N41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  cushioned/that.tmp
- Size
  
  528KB
- MD5
  
  f08644aee1faeef1b18538838d62678e
- SHA1
  
  6d94032cd19b181002ae3b8b6eb068f5af294e16
- SHA256
  
  af4cce113c3977a04c831cb9ac6cb5daf76359696262a445630f85b6b646d44a
- SHA512
  
  2932a842e4e37d2ef6ecbe6fc566ede3f557e0362353150d6843a915ad330e84924f5a67ead4c5a70a8fbda87c6407943da215595c87dbfa2a0574ecd5d8f599
- SSDEEP
  
  12288:Sx4YGJ7FVsr0DUESx3f9TQGWCIQ1HvhL3iL/wXLK:Sx4Yk7A4DUESxv9MuI4vhL3tX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6