qakbot | 18e7ad999fd4679525e36357c87199d7410299bb45098fdd6235532cce522798

General

Target

DJ79.img
Size

996KB
Sample

221117-flhzfshf9w
MD5

337cf8f6911743901a83cd0ea34f8509
SHA1

3c28526752d75a04a8710069139238512881eb6f
SHA256

18e7ad999fd4679525e36357c87199d7410299bb45098fdd6235532cce522798
SHA512

327beaa1ef14ac72d2c7f5bdffb9e629df79d35e189fa1916151c0ffba32e360d162f5ca6019c8f7839949a037e502ef6a938c496d9a03da3ff641a7f392a234
SSDEEP

24576:aYYwvwJwRwJZwSw5wqwfHH8H2HHLwu2Hklx4Yk7A4DUESxT9MuI4vhL3tX:ywvwJwRwJZwSw5wqwfHH8H2HHLwu2YuQ

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668610672

C2

87.243.146.59:443

90.104.22.28:2222

200.93.14.206:2222

86.171.75.63:443

92.185.204.18:2078

86.225.214.138:2222

152.170.17.136:443

92.27.86.48:2222

76.80.180.154:995

71.31.101.183:443

91.254.215.167:443

73.22.121.210:443

87.202.101.164:50000

24.228.132.224:2222

70.121.198.103:2078

186.28.85.119:995

193.251.52.34:2222

98.211.64.94:443

172.117.139.142:995

70.51.153.72:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  DJ79.img
- Size
  
  996KB
- MD5
  
  337cf8f6911743901a83cd0ea34f8509
- SHA1
  
  3c28526752d75a04a8710069139238512881eb6f
- SHA256
  
  18e7ad999fd4679525e36357c87199d7410299bb45098fdd6235532cce522798
- SHA512
  
  327beaa1ef14ac72d2c7f5bdffb9e629df79d35e189fa1916151c0ffba32e360d162f5ca6019c8f7839949a037e502ef6a938c496d9a03da3ff641a7f392a234
- SSDEEP
  
  24576:aYYwvwJwRwJZwSw5wqwfHH8H2HHLwu2Hklx4Yk7A4DUESxT9MuI4vhL3tX:ywvwJwRwJZwSw5wqwfHH8H2HHLwu2YuQ
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.vbs
- Size
  
  9KB
- MD5
  
  762dc53bb4c383cba1250e888dc3e7f0
- SHA1
  
  6f9aa9ca8b0907981afca23aba5e4cf853dd41a5
- SHA256
  
  20223af2be5ca4c2a6e51da3a4021cdb074ea14b36939921107866c5622b6998
- SHA512
  
  808e6e661d67beab0e487db9919ffbacfcba0649d8c29e556bd0e32f0d0e9857c36cbf2586bc2a5559738a7385b4c86fa4bb1dae081b1d847d4ba60e4b917603
- SSDEEP
  
  192:veSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:m41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  cushioned/vivid.tmp
- Size
  
  528KB
- MD5
  
  fc5f82aea126bd9ff65ea4d13735c06c
- SHA1
  
  6bef2016232f2ad53da342c7a1f6b5e2c8f3bd5a
- SHA256
  
  27a170ec3ee373c7003e5cf81ccfccd7c7111e59fcc0cf78498592444c8c0294
- SHA512
  
  a4165f90d3f047e2fb7c97f831f5671d102b3cf7a9e8e22c922376d5bb90add239223225c076d28a69a104012f735183d9fabfee273cbf074426c213588b321c
- SSDEEP
  
  12288:Sx4YGJ7FVsr0DUESxbf9TQGWCIQ1HvhL3iL/wXLK:Sx4Yk7A4DUESxT9MuI4vhL3tX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6