qakbot | a1c069db2335832c3baad828736a8dced58b3c9a1a747c341a0ab26b1acec36f

General

Target

YV36.img
Size

996KB
Sample

221117-f5xxqahg3z
MD5

33a5f9f6cf45020557013088ec4c7f73
SHA1

dd6fb9ff8d787b9d2ff1ccc1dd87d1a130193007
SHA256

a1c069db2335832c3baad828736a8dced58b3c9a1a747c341a0ab26b1acec36f
SHA512

918f282ab20dc2daa0c49a7803290542ddc891d8e979d2b355a0dde74013a6d7d52a6d3e1d30fc1ed830c6861f0e4b98b41969d0046fde00c1bc49f65ab27ebc
SSDEEP

24576:DYPx4Yk7A4DUESxJ9MuI4vhL3tXwwvwJwRwJZwSw5wqwfHH8H2HHLwu2Hk:quY0ArHWT4vJ3tXwwvwJwRwJZwSw5wqj

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668610672

C2

87.243.146.59:443

90.104.22.28:2222

200.93.14.206:2222

86.171.75.63:443

92.185.204.18:2078

86.225.214.138:2222

152.170.17.136:443

92.27.86.48:2222

76.80.180.154:995

71.31.101.183:443

91.254.215.167:443

73.22.121.210:443

87.202.101.164:50000

24.228.132.224:2222

70.121.198.103:2078

186.28.85.119:995

193.251.52.34:2222

98.211.64.94:443

172.117.139.142:995

70.51.153.72:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Extracted

Family

qakbot

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  YV36.img
- Size
  
  996KB
- MD5
  
  33a5f9f6cf45020557013088ec4c7f73
- SHA1
  
  dd6fb9ff8d787b9d2ff1ccc1dd87d1a130193007
- SHA256
  
  a1c069db2335832c3baad828736a8dced58b3c9a1a747c341a0ab26b1acec36f
- SHA512
  
  918f282ab20dc2daa0c49a7803290542ddc891d8e979d2b355a0dde74013a6d7d52a6d3e1d30fc1ed830c6861f0e4b98b41969d0046fde00c1bc49f65ab27ebc
- SSDEEP
  
  24576:DYPx4Yk7A4DUESxJ9MuI4vhL3tXwwvwJwRwJZwSw5wqwfHH8H2HHLwu2Hk:quY0ArHWT4vJ3tXwwvwJwRwJZwSw5wqj
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.vbs
- Size
  
  9KB
- MD5
  
  ea6230dec561c8b5a942b08386660dea
- SHA1
  
  ed4cfbd5df9ed02400540728fccc43e25c73e6c7
- SHA256
  
  e1dbaba900ba7aad3c70aa897a7934b7a75a6062c78aae36cd001da1cabe1ac5
- SHA512
  
  19f660cdd38f9ac878ce63ab712d6fccf849ee85296994b6b343e6bed83e7dbf9fee4a3aef9476d39e11f7d7bdaee88667ca04c4476f00675227ee523a2bb462
- SSDEEP
  
  192:beSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:q41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  cushioned/destined.tmp
- Size
  
  528KB
- MD5
  
  749fc3f023c69e25f0fa82b55ad211e2
- SHA1
  
  052af23b9616b08b3e26660c9a280b383429dd82
- SHA256
  
  d8101d14363fe1a0d861c8c66ed45d04e1c750e1ee4d2f785fece904e2accd6b
- SHA512
  
  485da2d98aba2e9eeb73b9ba1de2f789a4b64d4cf43dcb51a00a08198fccf7e4c161f9f9bdd51d44cd36c15c5612a4d938b3af4bb69c27122d4153a9e76d4b3c
- SSDEEP
  
  12288:Sx4YGJ7FVsr0DUESxNf9TQGWCIQ1HvhL3iL/wXLK:Sx4Yk7A4DUESxJ9MuI4vhL3tX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6