qakbot | 95cbd6b7e4c1337620d7f0b86f9301d3b61e20f407f017d09be7dd1b3e3f2d87

General

Target

PW40.img
Size

996KB
Sample

221117-nfxvesac7y
MD5

1cf5ea67cd631e725efdcbde7cc79c12
SHA1

81d9bb0d0c508ab392546622782647cff88fa58c
SHA256

95cbd6b7e4c1337620d7f0b86f9301d3b61e20f407f017d09be7dd1b3e3f2d87
SHA512

2344caab45d8943e22cba196f42e64641f94981c9e6220cee307de1bf4a5c7d487c6bdce8f51b4260376bccbffbabdd23341081aa7b3d1c2825ce256f5a010ce
SSDEEP

24576:0YSwvwJwRwJZwSw5wqwfHH8H2HHLwRx4Yk7A4DUESx09MuI4vhL3tXC2Hk:qwvwJwRwJZwSw5wqwfHH8H2HHLwRuY0x

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668610672

C2

87.243.146.59:443

90.104.22.28:2222

200.93.14.206:2222

86.171.75.63:443

92.185.204.18:2078

86.225.214.138:2222

152.170.17.136:443

92.27.86.48:2222

76.80.180.154:995

71.31.101.183:443

91.254.215.167:443

73.22.121.210:443

87.202.101.164:50000

24.228.132.224:2222

70.121.198.103:2078

186.28.85.119:995

193.251.52.34:2222

98.211.64.94:443

172.117.139.142:995

70.51.153.72:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  PW40.img
- Size
  
  996KB
- MD5
  
  1cf5ea67cd631e725efdcbde7cc79c12
- SHA1
  
  81d9bb0d0c508ab392546622782647cff88fa58c
- SHA256
  
  95cbd6b7e4c1337620d7f0b86f9301d3b61e20f407f017d09be7dd1b3e3f2d87
- SHA512
  
  2344caab45d8943e22cba196f42e64641f94981c9e6220cee307de1bf4a5c7d487c6bdce8f51b4260376bccbffbabdd23341081aa7b3d1c2825ce256f5a010ce
- SSDEEP
  
  24576:0YSwvwJwRwJZwSw5wqwfHH8H2HHLwRx4Yk7A4DUESx09MuI4vhL3tXC2Hk:qwvwJwRwJZwSw5wqwfHH8H2HHLwRuY0x
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.vbs
- Size
  
  9KB
- MD5
  
  1e3c72f980556126bb9f88bbbbab3872
- SHA1
  
  b953b425b8b03e03aa74050613a16dbab9556c48
- SHA256
  
  da5af6fcb50b21b2b5c564fe9a7d8c8bc7677823bd945e3388d1da665f7c5cd6
- SHA512
  
  e48552ea9dae64d0be60505a8ce49d1f6ca26845e32e9dbeaa4960b77093ae7b219f4d42ead02eaefb08c5b17faba2079203e562e88a4cd10ae703d9ba865dc0
- SSDEEP
  
  192:YeSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:D41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  cushioned/singes.tmp
- Size
  
  528KB
- MD5
  
  7c42dbc6c197d7b3ab4dbeec6e03915b
- SHA1
  
  6e7d6e5074e1df3dd81a90be9f20a0605938b991
- SHA256
  
  1a8842a946416dc9312226afa3ada98b9147bffe53483e0cff2bd72f49bfd249
- SHA512
  
  9b367cf3b5139f638a37d0afe27f36180fcfb86e12e9e462c18bc8a58bc6cc0dd8d8ec5c0b85b9a4bbc0dc93fdc5f1f89c3148f95e5d9e0c91f36a2ac93ec849
- SSDEEP
  
  12288:Sx4YGJ7FVsr0DUESxef9TQGWCIQ1HvhL3iL/wXLK:Sx4Yk7A4DUESx09MuI4vhL3tX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6