qakbot | f9afc049eeefa6570b5e8cdd2b6e0a70de7fa2de619be35a0f21904886e7db29

General

Target

TG28.img
Size

996KB
Sample

221117-pjr9saed22
MD5

ab6d30ea3552890c6db9f0c9e90c6ccd
SHA1

7a7154a8bedea4a0f23aa7262c339d849514e33e
SHA256

f9afc049eeefa6570b5e8cdd2b6e0a70de7fa2de619be35a0f21904886e7db29
SHA512

f70d16e4eeeb0dd8b1f3a9216be2cbc51126a57ed57302955ae2afa69dd2348b8e87a1953008e12b7f31ca0f6ac618840db27a23f7a15a0d097565f2bbb99a21
SSDEEP

24576:sYowvwJwRwJZwSw5wqwfHH8H2HHLwu2Hklx4Yk7A4DUESxy9MuI4vhL3tX:4wvwJwRwJZwSw5wqwfHH8H2HHLwu2YuR

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668610672

C2

87.243.146.59:443

90.104.22.28:2222

200.93.14.206:2222

86.171.75.63:443

92.185.204.18:2078

86.225.214.138:2222

152.170.17.136:443

92.27.86.48:2222

76.80.180.154:995

71.31.101.183:443

91.254.215.167:443

73.22.121.210:443

87.202.101.164:50000

24.228.132.224:2222

70.121.198.103:2078

186.28.85.119:995

193.251.52.34:2222

98.211.64.94:443

172.117.139.142:995

70.51.153.72:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  TG28.img
- Size
  
  996KB
- MD5
  
  ab6d30ea3552890c6db9f0c9e90c6ccd
- SHA1
  
  7a7154a8bedea4a0f23aa7262c339d849514e33e
- SHA256
  
  f9afc049eeefa6570b5e8cdd2b6e0a70de7fa2de619be35a0f21904886e7db29
- SHA512
  
  f70d16e4eeeb0dd8b1f3a9216be2cbc51126a57ed57302955ae2afa69dd2348b8e87a1953008e12b7f31ca0f6ac618840db27a23f7a15a0d097565f2bbb99a21
- SSDEEP
  
  24576:sYowvwJwRwJZwSw5wqwfHH8H2HHLwu2Hklx4Yk7A4DUESxy9MuI4vhL3tX:4wvwJwRwJZwSw5wqwfHH8H2HHLwu2YuR
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.vbs
- Size
  
  9KB
- MD5
  
  a69fec66b3480f661a96eedc1b615cc3
- SHA1
  
  0b91cbb4c8d5674e8e871e7544d79faae34e0be7
- SHA256
  
  e0aa8420d4748e004a6aeeaefbfe71f4378273eb7d49b5e8a99e4deb734aa840
- SHA512
  
  974136cc4fe9c7242404617fa55bd2cc61a94828c2ca1d86ffe9c1b9d42152bccd72f97dd05a754804f5afa82061bac88e9d906e1e24d7c7ccdcdd5ef9789772
- SSDEEP
  
  192:SeSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:R41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  cushioned/whimsical.tmp
- Size
  
  528KB
- MD5
  
  a8b7b1d9a0dc34ceaa83903d0d8118f1
- SHA1
  
  272021cdc570dbe71afd10e1734aeb066075a55b
- SHA256
  
  2d0b9858efd0da610bdd13c8d4a2a2267b254d6882b27590b0e96a8672efc844
- SHA512
  
  fe84598bd1fa57589ab906d72dd9a1a2e9d267f7ad34b27fcb0e61c7c5d78955408a9c99718aea4a19971e45bfa525f2ae414a563269f06825d78d933b645048
- SSDEEP
  
  12288:Sx4YGJ7FVsr0DUESxwf9TQGWCIQ1HvhL3iL/wXLK:Sx4Yk7A4DUESxy9MuI4vhL3tX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6