qakbot | d826fca1c7a4ec7506a2f5f0e43339834e0f8bb10a784b6118d0598fd569ed81

General

Target

HI18.img
Size

996KB
Sample

221117-bssd9ahd8w
MD5

a16e20f1005bf9bf9adeb71de6f0997e
SHA1

bbb5a20b5c9b95cac5a5940e000bb7c0bd8c46f0
SHA256

d826fca1c7a4ec7506a2f5f0e43339834e0f8bb10a784b6118d0598fd569ed81
SHA512

5c2a5c281099dc61b31154e5ce5b2b7cc302dc97022d86cea014a106ee76d0e2c6f5688354f1d4638e5b8868530cfb4318c2e478ef561f1d4e1bb779dc350db4
SSDEEP

24576:EYQwvwJwRwJZwSw5wqwfHH8H2HHLwRx4Yk7A4DUESxM9MuI4vhL3tXC2Hk:IwvwJwRwJZwSw5wqwfHH8H2HHLwRuY01

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668610672

C2

87.243.146.59:443

90.104.22.28:2222

200.93.14.206:2222

86.171.75.63:443

92.185.204.18:2078

86.225.214.138:2222

152.170.17.136:443

92.27.86.48:2222

76.80.180.154:995

71.31.101.183:443

91.254.215.167:443

73.22.121.210:443

87.202.101.164:50000

24.228.132.224:2222

70.121.198.103:2078

186.28.85.119:995

193.251.52.34:2222

98.211.64.94:443

172.117.139.142:995

70.51.153.72:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Extracted

Family

qakbot

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  HI18.img
- Size
  
  996KB
- MD5
  
  a16e20f1005bf9bf9adeb71de6f0997e
- SHA1
  
  bbb5a20b5c9b95cac5a5940e000bb7c0bd8c46f0
- SHA256
  
  d826fca1c7a4ec7506a2f5f0e43339834e0f8bb10a784b6118d0598fd569ed81
- SHA512
  
  5c2a5c281099dc61b31154e5ce5b2b7cc302dc97022d86cea014a106ee76d0e2c6f5688354f1d4638e5b8868530cfb4318c2e478ef561f1d4e1bb779dc350db4
- SSDEEP
  
  24576:EYQwvwJwRwJZwSw5wqwfHH8H2HHLwRx4Yk7A4DUESxM9MuI4vhL3tXC2Hk:IwvwJwRwJZwSw5wqwfHH8H2HHLwRuY01
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.vbs
- Size
  
  9KB
- MD5
  
  a1d48a06078d944ee3a78cc66f9f9e7c
- SHA1
  
  02b540507962ac4653e3003effe465a32c668339
- SHA256
  
  2ae0fb68778973843295fabbd7e27239b57d0fe27412a0388a8ce39605b4fb84
- SHA512
  
  852c24f924d466318794fed8bd87508e429d457177b2e5ccb4cefc409eec9f32f464044ad3edc57fc4ceef88abe9ecb55d58e16075b5cee38e3143b9b3addb19
- SSDEEP
  
  192:zeSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:i41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  cushioned/unveils.tmp
- Size
  
  528KB
- MD5
  
  1cd4ae33bb938c3164e20f18bd1267ad
- SHA1
  
  200f8143101af1910d9d0bd4747da834f6a9b05e
- SHA256
  
  05f35cd6bce81250e2655321359bf44a7f4c70783a5960268724d521563a3d19
- SHA512
  
  d434c255a4dc5ace7889f0f7b748a7b2caf9ebad29f98b521fbbddecfdb57101d7a9753dc6657411d4badbe4bad21cedbd96ab2e80e5262c6015be53f94e0036
- SSDEEP
  
  12288:Sx4YGJ7FVsr0DUESxGf9TQGWCIQ1HvhL3iL/wXLK:Sx4Yk7A4DUESxM9MuI4vhL3tX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6