qakbot | 0c495376f108dd4f61ae682296b2b6a3944e22e70672df2cb72afcd4cea037b3

General

Target

HP35.img
Size

996KB
Sample

221117-cb6qzshe3v
MD5

eabbb59e07b56a9a347113f988217212
SHA1

866a2ba92b24418efbb9bebe5adda6893d8d66ad
SHA256

0c495376f108dd4f61ae682296b2b6a3944e22e70672df2cb72afcd4cea037b3
SHA512

bb9b8c688562fb64355c0f0bc4ad37a0fe2c98ed5a87b8a40fb15e70f8d1ef68ea31d6ce594306cbc41963ba09ad244c3cb9bf8e5397a503194e23706c49d0b7
SSDEEP

24576:OYHx4Yk7A4DUESxg9MuI4vhL3tXwwvwJwRwJZwSw5wqwfHH8H2HHLwu2Hk:BuY0ArHVT4vJ3tXwwvwJwRwJZwSw5wqj

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668610672

C2

87.243.146.59:443

90.104.22.28:2222

200.93.14.206:2222

86.171.75.63:443

92.185.204.18:2078

86.225.214.138:2222

152.170.17.136:443

92.27.86.48:2222

76.80.180.154:995

71.31.101.183:443

91.254.215.167:443

73.22.121.210:443

87.202.101.164:50000

24.228.132.224:2222

70.121.198.103:2078

186.28.85.119:995

193.251.52.34:2222

98.211.64.94:443

172.117.139.142:995

70.51.153.72:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  HP35.img
- Size
  
  996KB
- MD5
  
  eabbb59e07b56a9a347113f988217212
- SHA1
  
  866a2ba92b24418efbb9bebe5adda6893d8d66ad
- SHA256
  
  0c495376f108dd4f61ae682296b2b6a3944e22e70672df2cb72afcd4cea037b3
- SHA512
  
  bb9b8c688562fb64355c0f0bc4ad37a0fe2c98ed5a87b8a40fb15e70f8d1ef68ea31d6ce594306cbc41963ba09ad244c3cb9bf8e5397a503194e23706c49d0b7
- SSDEEP
  
  24576:OYHx4Yk7A4DUESxg9MuI4vhL3tXwwvwJwRwJZwSw5wqwfHH8H2HHLwu2Hk:BuY0ArHVT4vJ3tXwwvwJwRwJZwSw5wqj
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.vbs
- Size
  
  9KB
- MD5
  
  967f13b0522cb8488bf8d5549d1e036e
- SHA1
  
  db28af4852666b465ed7db8e10f2ee8fd2544c4d
- SHA256
  
  df111fe9464f57b06a8ebb74ec94af341947356f544842ff5d4539362f4e6bee
- SHA512
  
  44559aab993322c93a9c9a672466fbbe98ff06c2d055053e38e9c1de14134d6ab9d8f275580ff374ddc5ce38cf27f4a40e1ca0a2bf91de9d20997f9fdee32044
- SSDEEP
  
  192:leSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:Y41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  cushioned/administrating.tmp
- Size
  
  528KB
- MD5
  
  f9e9d7fddf1363a405ac4b48eae8ffa8
- SHA1
  
  0bff483294968102798a989bde36a60cd3e25a42
- SHA256
  
  88bf75506759c7f3d5aad21c6b3d404b7b4fabaa3a5c7adc11d319e8d04858d3
- SHA512
  
  6be19e01ad63838aed7de0c860c51bb0359a88a741f4b0820aa319078c7bc2420fa00e4438d86e044265d0a2d7990342d52429fa89c66f165fa3e7c754929b11
- SSDEEP
  
  12288:Sx4YGJ7FVsr0DUESxaf9TQGWCIQ1HvhL3iL/wXLK:Sx4Yk7A4DUESxg9MuI4vhL3tX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6