qakbot | 9f712abb071ef5fa246bab57b07e47f6de9d4bb0566e8c4f8beab4f7d98caf70

General

Target

GV08.img
Size

996KB
Sample

221117-ehrxhsdf36
MD5

976076819ef22583816ec025928d2a49
SHA1

288640de09470048039282ae970019bbcf85ce18
SHA256

9f712abb071ef5fa246bab57b07e47f6de9d4bb0566e8c4f8beab4f7d98caf70
SHA512

cb4947b424c306d1cdf4e75546651327c34392f5a6d6f83f3065a8c6e926d38369b85027105ee4a7117bd42efbc3b805ff5106d13a2d1188f2cb89c9f43425d4
SSDEEP

24576:9Yfx4Yk7A4DUESxr9MuI4vhL3tXwwvwJwRwJZwSw5wqwfHH8H2HHLwu2Hk:suY0ArH4T4vJ3tXwwvwJwRwJZwSw5wqj

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668610672

C2

87.243.146.59:443

90.104.22.28:2222

200.93.14.206:2222

86.171.75.63:443

92.185.204.18:2078

86.225.214.138:2222

152.170.17.136:443

92.27.86.48:2222

76.80.180.154:995

71.31.101.183:443

91.254.215.167:443

73.22.121.210:443

87.202.101.164:50000

24.228.132.224:2222

70.121.198.103:2078

186.28.85.119:995

193.251.52.34:2222

98.211.64.94:443

172.117.139.142:995

70.51.153.72:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Extracted

Family

qakbot

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  GV08.img
- Size
  
  996KB
- MD5
  
  976076819ef22583816ec025928d2a49
- SHA1
  
  288640de09470048039282ae970019bbcf85ce18
- SHA256
  
  9f712abb071ef5fa246bab57b07e47f6de9d4bb0566e8c4f8beab4f7d98caf70
- SHA512
  
  cb4947b424c306d1cdf4e75546651327c34392f5a6d6f83f3065a8c6e926d38369b85027105ee4a7117bd42efbc3b805ff5106d13a2d1188f2cb89c9f43425d4
- SSDEEP
  
  24576:9Yfx4Yk7A4DUESxr9MuI4vhL3tXwwvwJwRwJZwSw5wqwfHH8H2HHLwu2Hk:suY0ArH4T4vJ3tXwwvwJwRwJZwSw5wqj
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.vbs
- Size
  
  9KB
- MD5
  
  d93565edc009a2e858d8b7398040a41f
- SHA1
  
  d95619d03e3d4853d6e41914aa643e63a91f18fe
- SHA256
  
  441127f42bedb460cb8620f2fc66676a2ae8b8ba6b9a8b5e1e72ba1d61694969
- SHA512
  
  b75d9b0bd9834ed09cb6a3011bdb060486c9bd959cdc389dc70a12e0ffcf76594ae208def119e21ca65d7065eb9f9309feedf5feeceba8747debedf313425864
- SSDEEP
  
  192:IeSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:T41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  cushioned/disaffiliate.tmp
- Size
  
  528KB
- MD5
  
  69e36122804e72cc5c5b1a98aa44aa0b
- SHA1
  
  2cdf95647efd302cb37a2e6510de90369000c3c3
- SHA256
  
  dd70e16e763558646ec614287061d285018fc9a3965ba10186ea81f7838a0175
- SHA512
  
  0316342f0e2463d79894fb9bcad67209edca6604ff3c4814b13888a4ea84d88d7f75ac74afd6fae88fe6b85b7125eefa11bf3e7a4f2504f91a88061082f02ae5
- SSDEEP
  
  12288:Sx4YGJ7FVsr0DUESxDf9TQGWCIQ1HvhL3iL/wXLK:Sx4Yk7A4DUESxr9MuI4vhL3tX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6