qakbot | 997878e5c8e0d3d1b9f8c67319fea898443e145a81cdd9b40ca728d72ead963a

General

Target

SH39.img
Size

996KB
Sample

221117-p35dfsed64
MD5

a1267d1e162b69201b6375d69254742b
SHA1

7d7cd9711cfd2e0a6c23c1d4bd2151c8db05122f
SHA256

997878e5c8e0d3d1b9f8c67319fea898443e145a81cdd9b40ca728d72ead963a
SHA512

1f3b3e2f3822a1b2a71d2edb11e450fccd813078a1dd660b79951fc36214292d592578f67b05dcfb89283f30bec7b9b216537e7492569c5da1ebbc8d19412077
SSDEEP

24576:dYfx4Yk7A4DUESx+9MuI4vhL3tXwwvwJwRwJZwSw5wqwfHH8H2HHLwu2Hk:MuY0ArH3T4vJ3tXwwvwJwRwJZwSw5wqj

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668610672

C2

87.243.146.59:443

90.104.22.28:2222

200.93.14.206:2222

86.171.75.63:443

92.185.204.18:2078

86.225.214.138:2222

152.170.17.136:443

92.27.86.48:2222

76.80.180.154:995

71.31.101.183:443

91.254.215.167:443

73.22.121.210:443

87.202.101.164:50000

24.228.132.224:2222

70.121.198.103:2078

186.28.85.119:995

193.251.52.34:2222

98.211.64.94:443

172.117.139.142:995

70.51.153.72:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  SH39.img
- Size
  
  996KB
- MD5
  
  a1267d1e162b69201b6375d69254742b
- SHA1
  
  7d7cd9711cfd2e0a6c23c1d4bd2151c8db05122f
- SHA256
  
  997878e5c8e0d3d1b9f8c67319fea898443e145a81cdd9b40ca728d72ead963a
- SHA512
  
  1f3b3e2f3822a1b2a71d2edb11e450fccd813078a1dd660b79951fc36214292d592578f67b05dcfb89283f30bec7b9b216537e7492569c5da1ebbc8d19412077
- SSDEEP
  
  24576:dYfx4Yk7A4DUESx+9MuI4vhL3tXwwvwJwRwJZwSw5wqwfHH8H2HHLwu2Hk:MuY0ArH3T4vJ3tXwwvwJwRwJZwSw5wqj
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.vbs
- Size
  
  9KB
- MD5
  
  6d6e8f92cab677e7325e5fc9fa335e1f
- SHA1
  
  e24ec05cbfcaeb69da9e37b65553366542968e6a
- SHA256
  
  f6ed694187e2621312926ae2a4e9fe6f3b258f139bc180e34116d695948a2c5b
- SHA512
  
  6909064a8a6b567c68eaea54533d00c4e934709f5749288fc88f3421b86947aae2b64d33319fbcc1915c5f5c7ce5fd1d50ada485577fd19d46e4a37ff0492c61
- SSDEEP
  
  192:9eSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:Q41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  cushioned/horticulture.tmp
- Size
  
  528KB
- MD5
  
  0a9ca2f8215f96e32e0c33da9532d3f1
- SHA1
  
  7f2b1d92f0a3349bbc7cbf1f072c79cf76cad89c
- SHA256
  
  9e362baa9b19ddd6096a028315f8337e401584e00d1321ae742d51d0880c6450
- SHA512
  
  e168619f563c9f7cbb42f910089ae19258e37e08d5cf8dfb87fba18bd2d930c46b814a025658f1554fef3732c384ffc120cabf70e44be99115ccbf9273082069
- SSDEEP
  
  12288:Sx4YGJ7FVsr0DUESx8f9TQGWCIQ1HvhL3iL/wXLK:Sx4Yk7A4DUESx+9MuI4vhL3tX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6