qakbot | e0b5e015370def4853a2fa5bc0bfe613a05d6509224295e598015e26d458bfbb

General

Target

TA67.img
Size

996KB
Sample

221117-cwkz1she5y
MD5

da33d3c16d6dbd1b653c248fa62ca9bb
SHA1

e45011dc71e2af21f74e87fb7cf25568624d8f20
SHA256

e0b5e015370def4853a2fa5bc0bfe613a05d6509224295e598015e26d458bfbb
SHA512

e42b1b2f85f3971cb4fe9c819cce81ed972d72b2069eaa745173c396e48ec54476f8598b1bf4b3d934966e861818b865b041d6e19d913a54d69804b7f3a411a0
SSDEEP

24576:sYowvwJwRwJZwSw5wqwfHH8H2HHLwRx4Yk7A4DUESxV9MuI4vhL3tXC2Hk:4wvwJwRwJZwSw5wqwfHH8H2HHLwRuY0M

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668610672

C2

87.243.146.59:443

90.104.22.28:2222

200.93.14.206:2222

86.171.75.63:443

92.185.204.18:2078

86.225.214.138:2222

152.170.17.136:443

92.27.86.48:2222

76.80.180.154:995

71.31.101.183:443

91.254.215.167:443

73.22.121.210:443

87.202.101.164:50000

24.228.132.224:2222

70.121.198.103:2078

186.28.85.119:995

193.251.52.34:2222

98.211.64.94:443

172.117.139.142:995

70.51.153.72:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  TA67.img
- Size
  
  996KB
- MD5
  
  da33d3c16d6dbd1b653c248fa62ca9bb
- SHA1
  
  e45011dc71e2af21f74e87fb7cf25568624d8f20
- SHA256
  
  e0b5e015370def4853a2fa5bc0bfe613a05d6509224295e598015e26d458bfbb
- SHA512
  
  e42b1b2f85f3971cb4fe9c819cce81ed972d72b2069eaa745173c396e48ec54476f8598b1bf4b3d934966e861818b865b041d6e19d913a54d69804b7f3a411a0
- SSDEEP
  
  24576:sYowvwJwRwJZwSw5wqwfHH8H2HHLwRx4Yk7A4DUESxV9MuI4vhL3tXC2Hk:4wvwJwRwJZwSw5wqwfHH8H2HHLwRuY0M
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.vbs
- Size
  
  9KB
- MD5
  
  15b1e3c535b002b5cfb8492d842f6f59
- SHA1
  
  8539ea72d7c4ee0240d93863a0ec3378152bac03
- SHA256
  
  fc224f5a09aca8ace60493b8ab11c5aa9710645a369b35f85b30f56ad9237f98
- SHA512
  
  ce5b0fa0f5c90a279316314644b6dbf17aa436268cdf433264795e8731a886ff9b4daa00f8b35a47f7159cb2305f478032124f4a343167c1a88bcbb8bc26c9d1
- SSDEEP
  
  192:NeSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:A41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  cushioned/ludicrous.tmp
- Size
  
  528KB
- MD5
  
  929ea2353c19a9198ebaa99f78093dbf
- SHA1
  
  a83f6cd648b39cf7d1deb63953188e2bd548837d
- SHA256
  
  3416df3c2fef1c61d61e740e2d59ce292d9ffe91e2119182a016ed7705f3f5b5
- SHA512
  
  01311a3fd5c642ca67105d15a36e434237a34b782e8864f257dccfac85db3b203fe57989af02b48d4db5741deb8e6d5663c87e7d9710ffce806a5c1f1bf98d53
- SSDEEP
  
  12288:Sx4YGJ7FVsr0DUESxJf9TQGWCIQ1HvhL3iL/wXLK:Sx4Yk7A4DUESxV9MuI4vhL3tX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6