qakbot | 23c872a3c24a223c9cd72c5d15c57ae1e5d9fb2fb82c90db95338d50b26763d9

General

Target

HF58.img
Size

996KB
Sample

221117-gpb6rahg5x
MD5

b0d6d977f7c96ab8e88e1d8cfa8c01e6
SHA1

f3af2276b82a07e1e1a7ac127e3c28d7e55be159
SHA256

23c872a3c24a223c9cd72c5d15c57ae1e5d9fb2fb82c90db95338d50b26763d9
SHA512

3252cb31a38c93f0196c8bddfb50b96fc461416ad3781517cabd4e758cf21f743526933c5d078498ee1dd7fc963ff081ab1cd9e3e0f1edd51099627eccbee9d2
SSDEEP

24576:kYPx4Yk7A4DUESx99MuI4vhL3tXwwvwJwRwJZwSw5wqwfHH8H2HHLwu2Hk:3uY0ArHuT4vJ3tXwwvwJwRwJZwSw5wqj

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668610672

C2

87.243.146.59:443

90.104.22.28:2222

200.93.14.206:2222

86.171.75.63:443

92.185.204.18:2078

86.225.214.138:2222

152.170.17.136:443

92.27.86.48:2222

76.80.180.154:995

71.31.101.183:443

91.254.215.167:443

73.22.121.210:443

87.202.101.164:50000

24.228.132.224:2222

70.121.198.103:2078

186.28.85.119:995

193.251.52.34:2222

98.211.64.94:443

172.117.139.142:995

70.51.153.72:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  HF58.img
- Size
  
  996KB
- MD5
  
  b0d6d977f7c96ab8e88e1d8cfa8c01e6
- SHA1
  
  f3af2276b82a07e1e1a7ac127e3c28d7e55be159
- SHA256
  
  23c872a3c24a223c9cd72c5d15c57ae1e5d9fb2fb82c90db95338d50b26763d9
- SHA512
  
  3252cb31a38c93f0196c8bddfb50b96fc461416ad3781517cabd4e758cf21f743526933c5d078498ee1dd7fc963ff081ab1cd9e3e0f1edd51099627eccbee9d2
- SSDEEP
  
  24576:kYPx4Yk7A4DUESx99MuI4vhL3tXwwvwJwRwJZwSw5wqwfHH8H2HHLwu2Hk:3uY0ArHuT4vJ3tXwwvwJwRwJZwSw5wqj
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.vbs
- Size
  
  9KB
- MD5
  
  97f26036137a60aeb673705ac8272ac9
- SHA1
  
  b8c3711bb01e255b52d08f7f742d118f325dc13a
- SHA256
  
  5e1504c2b9107fdea5945be03d841d446b6bb8685c2ec43cc8c6fa7e59d9e69a
- SHA512
  
  c33d78559bcc00ba9b37aac12ddee4475e2f37d3b0ab0c0b7fb1efd9de2c7d754e40a473f6d0043953a65ff5d5eeb3f6a54b44249c58927ad32d0533b74d7cb4
- SSDEEP
  
  192:ueSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:F41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  cushioned/essaying.tmp
- Size
  
  528KB
- MD5
  
  35be364d93d7579cbd796310bd4ee704
- SHA1
  
  a911e3487bf663d84a95ce2bf06738af3c4f06ae
- SHA256
  
  6c1347f9e4d5421c573b3aafa9bb850189d1cfec261126322da25dde54792adf
- SHA512
  
  74f63cf094d52d1424152e6ec9aab3078ea72b59bcb700433faadee3fda7b31773cc2ae8532af1f3058c580f2c2232c1ff10b1adf98eb305e2fad4d24b3dcc63
- SSDEEP
  
  12288:Sx4YGJ7FVsr0DUESxBf9TQGWCIQ1HvhL3iL/wXLK:Sx4Yk7A4DUESx99MuI4vhL3tX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6