qakbot | a81e97eddfda7b8a52b836f584f4ee78904cacc60d376cbbe67f54f7466e433a

General

Target

UQ92.img
Size

996KB
Sample

221117-q6wfdsae81
MD5

b07c3978cae981bca8a8fc07eb53d01b
SHA1

5010ff3ee0ec1230de6b0d1f733b2694399112d2
SHA256

a81e97eddfda7b8a52b836f584f4ee78904cacc60d376cbbe67f54f7466e433a
SHA512

8083ba4c749d02a8ac5cd3b94823f15cd2f37f89212f2e6aa652ea81dfad9e8d9370561aa468e0ee235df11c74e22c03c8aabcef8e7ee18791959dc18db8e96c
SSDEEP

24576:GYywvwJwRwJZwSw5wqwfHH8H2HHLwRx4Yk7A4DUESxk9MuI4vhL3tXC2Hk:MwvwJwRwJZwSw5wqwfHH8H2HHLwRuY01

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668610672

C2

87.243.146.59:443

90.104.22.28:2222

200.93.14.206:2222

86.171.75.63:443

92.185.204.18:2078

86.225.214.138:2222

152.170.17.136:443

92.27.86.48:2222

76.80.180.154:995

71.31.101.183:443

91.254.215.167:443

73.22.121.210:443

87.202.101.164:50000

24.228.132.224:2222

70.121.198.103:2078

186.28.85.119:995

193.251.52.34:2222

98.211.64.94:443

172.117.139.142:995

70.51.153.72:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  UQ92.img
- Size
  
  996KB
- MD5
  
  b07c3978cae981bca8a8fc07eb53d01b
- SHA1
  
  5010ff3ee0ec1230de6b0d1f733b2694399112d2
- SHA256
  
  a81e97eddfda7b8a52b836f584f4ee78904cacc60d376cbbe67f54f7466e433a
- SHA512
  
  8083ba4c749d02a8ac5cd3b94823f15cd2f37f89212f2e6aa652ea81dfad9e8d9370561aa468e0ee235df11c74e22c03c8aabcef8e7ee18791959dc18db8e96c
- SSDEEP
  
  24576:GYywvwJwRwJZwSw5wqwfHH8H2HHLwRx4Yk7A4DUESxk9MuI4vhL3tXC2Hk:MwvwJwRwJZwSw5wqwfHH8H2HHLwRuY01
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.vbs
- Size
  
  9KB
- MD5
  
  f52ab97b878e80dc4c8c3a9daf489e2b
- SHA1
  
  644b925a99cdd491c2fcdffecc8369a8b18b93c4
- SHA256
  
  1a1ba3831ce659d64a2fdfdd3d1b10669f0ae4127131bbe4a45b07bf496bc15b
- SHA512
  
  ff3a3a3634950ffd2847fe16552014e699e6b7cd8ee65d6829c3bc2dc9fb34a3d4c1054352bdb34bf34e9a83dda770da10ed2200da8ff5646c009c2d85e8cefa
- SSDEEP
  
  192:feSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:241ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  cushioned/underdeveloped.tmp
- Size
  
  528KB
- MD5
  
  b6450ee144429d1f1a2bd987ef6c9500
- SHA1
  
  eb15fb7e214ae7c38dee15f169c8cb89d28d9fe9
- SHA256
  
  611a1c93fcdf894d765073e1981c6ae0ff4bdaef092d8c42c8fd3b1758d93e44
- SHA512
  
  a6feab2b12bb717f9dfed9e7dfb3ddc91b8b5f19fa6afc0122258192e29260bfa3ffb16a259807a6ca45e12e19529c3e8c8f423e715dc2bc9a8b9f391b0e59b0
- SSDEEP
  
  12288:Sx4YGJ7FVsr0DUESxOf9TQGWCIQ1HvhL3iL/wXLK:Sx4Yk7A4DUESxk9MuI4vhL3tX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6