qakbot | b40b9ff456355008e3446a807f8bd9beea79817fa3287a113a23be13e97ed031

General

Target

QI05.img
Size

996KB
Sample

221117-ap2cbahd3x
MD5

2cb2b9c4784290e38a7c1fb368d6f9f5
SHA1

0ae2b10c1818a4b55e6f4554b5544d988d0750ca
SHA256

b40b9ff456355008e3446a807f8bd9beea79817fa3287a113a23be13e97ed031
SHA512

31bb131fd04fc2368fb27d0288cae38a47b4d940e39c59374bc4384d98722f06230253162c2c92159b5bf10ebaf55dd585e5e4929dcc42a3436dc3982b50fa68
SSDEEP

24576:tYgwvwJwRwJZwSw5wqwfHH8H2HHLwRx4Yk7A4DUESxF9MuI4vhL3tXC2Hk:3wvwJwRwJZwSw5wqwfHH8H2HHLwRuY0k

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668610672

C2

87.243.146.59:443

90.104.22.28:2222

200.93.14.206:2222

86.171.75.63:443

92.185.204.18:2078

86.225.214.138:2222

152.170.17.136:443

92.27.86.48:2222

76.80.180.154:995

71.31.101.183:443

91.254.215.167:443

73.22.121.210:443

87.202.101.164:50000

24.228.132.224:2222

70.121.198.103:2078

186.28.85.119:995

193.251.52.34:2222

98.211.64.94:443

172.117.139.142:995

70.51.153.72:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  QI05.img
- Size
  
  996KB
- MD5
  
  2cb2b9c4784290e38a7c1fb368d6f9f5
- SHA1
  
  0ae2b10c1818a4b55e6f4554b5544d988d0750ca
- SHA256
  
  b40b9ff456355008e3446a807f8bd9beea79817fa3287a113a23be13e97ed031
- SHA512
  
  31bb131fd04fc2368fb27d0288cae38a47b4d940e39c59374bc4384d98722f06230253162c2c92159b5bf10ebaf55dd585e5e4929dcc42a3436dc3982b50fa68
- SSDEEP
  
  24576:tYgwvwJwRwJZwSw5wqwfHH8H2HHLwRx4Yk7A4DUESxF9MuI4vhL3tXC2Hk:3wvwJwRwJZwSw5wqwfHH8H2HHLwRuY0k
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.vbs
- Size
  
  9KB
- MD5
  
  ba974b61eedb261205bfaca50adee226
- SHA1
  
  f99027f1a3ac6769361ebebfb00ab5a826d981eb
- SHA256
  
  5c4a76f4da739dec8d0fce0b68c12e0bdf75bb8f5e9205a49ebbe761e2b78fdb
- SHA512
  
  a0cc3717f621d8ce23921bc879a852836ab979e4ba32a5a0f88fd11a324ae3769d8044369b2a64920b7d27ab65f39345f2f84c4a71adbdfc51d2b71cc2410fad
- SSDEEP
  
  192:3eSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:O41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  cushioned/kidnappings.tmp
- Size
  
  528KB
- MD5
  
  527bb12aba18660558256580f1c15edf
- SHA1
  
  8f5c8bd0e3d40e5191495abbc58e198fb6d40f25
- SHA256
  
  c70f336804e5cd850474d1d1eb582225ecdfe798c1ed1f392618219d2b3f5bec
- SHA512
  
  773c0b535bef33b71ce89a95865826585a6ee54838daaa312282c4c50c32a2f5900993be1ecab5e6273fc155b242a4896040e64370cbcaea120c1bc7cae20bcf
- SSDEEP
  
  12288:Sx4YGJ7FVsr0DUESx5f9TQGWCIQ1HvhL3iL/wXLK:Sx4Yk7A4DUESxF9MuI4vhL3tX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6