qakbot | 9cf370aebafc58681b5322b31e7e5560b0ad198b871201f1a3b1301d08aa858b

General

Target

NB36.img
Size

996KB
Sample

221117-e25bysdf66
MD5

000016399ea7b8314a4fef085f5ebe81
SHA1

1f1b1ba29b8631915b7bb2a6771041fdd0fb7a41
SHA256

9cf370aebafc58681b5322b31e7e5560b0ad198b871201f1a3b1301d08aa858b
SHA512

ae74dd9c2b9687679182f4ef114e9fda446b1666bb1c8e1acc1f8390cff7bfbe8bdc6d22b22bd49360b853e9b11bcc2241f3abd674cde81357f35622ec68b3f1
SSDEEP

24576:sYYwvwJwRwJZwSw5wqwfHH8H2HHLwRx4Yk7A4DUESxO9MuI4vhL3tXC2Hk:owvwJwRwJZwSw5wqwfHH8H2HHLwRuY0X

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668610672

C2

87.243.146.59:443

90.104.22.28:2222

200.93.14.206:2222

86.171.75.63:443

92.185.204.18:2078

86.225.214.138:2222

152.170.17.136:443

92.27.86.48:2222

76.80.180.154:995

71.31.101.183:443

91.254.215.167:443

73.22.121.210:443

87.202.101.164:50000

24.228.132.224:2222

70.121.198.103:2078

186.28.85.119:995

193.251.52.34:2222

98.211.64.94:443

172.117.139.142:995

70.51.153.72:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Extracted

Family

qakbot

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  NB36.img
- Size
  
  996KB
- MD5
  
  000016399ea7b8314a4fef085f5ebe81
- SHA1
  
  1f1b1ba29b8631915b7bb2a6771041fdd0fb7a41
- SHA256
  
  9cf370aebafc58681b5322b31e7e5560b0ad198b871201f1a3b1301d08aa858b
- SHA512
  
  ae74dd9c2b9687679182f4ef114e9fda446b1666bb1c8e1acc1f8390cff7bfbe8bdc6d22b22bd49360b853e9b11bcc2241f3abd674cde81357f35622ec68b3f1
- SSDEEP
  
  24576:sYYwvwJwRwJZwSw5wqwfHH8H2HHLwRx4Yk7A4DUESxO9MuI4vhL3tXC2Hk:owvwJwRwJZwSw5wqwfHH8H2HHLwRuY0X
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.vbs
- Size
  
  9KB
- MD5
  
  29ee7b44bd5c91854467e2f6d78ad632
- SHA1
  
  a21f18867b460ca6f8ea1ade1a7dee073b3c3054
- SHA256
  
  fdcb7aa06a8518ed000100c9d30c2d6d02f3a375b4290281d33bd162c176ece4
- SHA512
  
  ada556e1b0e8bc5ee3d22cd5e3a91d30f45225549895d80bb745e8a9f059816f8f4a32a415b156ba37feb7a778368a9ad39183055a968ac89c0ff034907a3668
- SSDEEP
  
  192:TeSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:C41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  cushioned/orbit.tmp
- Size
  
  528KB
- MD5
  
  e4c882af74db3e36c8b4a6becf708e5d
- SHA1
  
  cb8602ba192a4cc9dbfc13cc09b699764dcd9cd6
- SHA256
  
  a3f9c7430a1a5585e88f72710a67d7763152606e980512451e0d43097a462b87
- SHA512
  
  e37e61b4caa40872a1990f9b539eb96476d721f90cb7e8c561c6965dce30c2c3fec150096e5a6800f6347be35b0fdc4dc915856277b8bd712ff2f69a348c9431
- SSDEEP
  
  12288:Sx4YGJ7FVsr0DUESxMf9TQGWCIQ1HvhL3iL/wXLK:Sx4Yk7A4DUESxO9MuI4vhL3tX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6