qakbot | 025d4ddd87f02f8673a90fc673f765e25fe3c9b8ab49b9717dcd6c4cf3c04630

General

Target

OU18.img
Size

996KB
Sample

221117-qmg4naae4t
MD5

4f52b8778c4ed7ab7d0e17b583255846
SHA1

878dd1ff5d12f8c1ca1bb90e3737250757a40510
SHA256

025d4ddd87f02f8673a90fc673f765e25fe3c9b8ab49b9717dcd6c4cf3c04630
SHA512

9edbe5878855b616111c02361cdbad99e077268ca0ae807b2c437f35b0a032a9b788448ea660e17badb0a7378b54f0504ce7cff28e9c85b817513833cf307ca1
SSDEEP

24576:VYNx4Yk7A4DUESxB9MuI4vhL3tXwwvwJwRwJZwSw5wqwfHH8H2HHLwu2Hk:4uY0ArHWT4vJ3tXwwvwJwRwJZwSw5wqj

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668610672

C2

87.243.146.59:443

90.104.22.28:2222

200.93.14.206:2222

86.171.75.63:443

92.185.204.18:2078

86.225.214.138:2222

152.170.17.136:443

92.27.86.48:2222

76.80.180.154:995

71.31.101.183:443

91.254.215.167:443

73.22.121.210:443

87.202.101.164:50000

24.228.132.224:2222

70.121.198.103:2078

186.28.85.119:995

193.251.52.34:2222

98.211.64.94:443

172.117.139.142:995

70.51.153.72:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  OU18.img
- Size
  
  996KB
- MD5
  
  4f52b8778c4ed7ab7d0e17b583255846
- SHA1
  
  878dd1ff5d12f8c1ca1bb90e3737250757a40510
- SHA256
  
  025d4ddd87f02f8673a90fc673f765e25fe3c9b8ab49b9717dcd6c4cf3c04630
- SHA512
  
  9edbe5878855b616111c02361cdbad99e077268ca0ae807b2c437f35b0a032a9b788448ea660e17badb0a7378b54f0504ce7cff28e9c85b817513833cf307ca1
- SSDEEP
  
  24576:VYNx4Yk7A4DUESxB9MuI4vhL3tXwwvwJwRwJZwSw5wqwfHH8H2HHLwu2Hk:4uY0ArHWT4vJ3tXwwvwJwRwJZwSw5wqj
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.vbs
- Size
  
  9KB
- MD5
  
  83e491100310aa016ff7368ac39f3f44
- SHA1
  
  988e07a90a3076e36c76cfd8501a476f179d80e1
- SHA256
  
  443159a4cc6cccdb323a2b29ec0cff3918cfabfc38a105a8208fbf2b9eb2a5ff
- SHA512
  
  acf49c2fe538ca47dc30d15d35dd2143d9eb3ba7b25f0c57d49121f6692ad1186f98138520cd35a6bd056e9ddffacb065276c57a71aa6842f1cb8c91b911c272
- SSDEEP
  
  192:oeSjzZaUgrcl/E4rowaD/OCMhiEe1C7p11G0vdzgWF0fkbsgTbpQa:z41ajrcpE4rocCMhidGpPGmX0jWbX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  cushioned/fares.tmp
- Size
  
  528KB
- MD5
  
  8b0b2cb728627b919bbb6b777240ac4c
- SHA1
  
  cba454f5092dd2b24e65f8c7d57a2c8fcaa6167e
- SHA256
  
  60e5ea3e52bda77d85e9fc7491355624b2d8cb70606f3e678b550467f1911fbd
- SHA512
  
  2def32ce427ab4f6a4980d69161116bce26893a4b9779c277029116b3159c6c2572ca35e62ca745c8d1d848b44370b5a06c0b3803539869178e25595cf22bee9
- SSDEEP
  
  12288:Sx4YGJ7FVsr0DUESx1f9TQGWCIQ1HvhL3iL/wXLK:Sx4Yk7A4DUESxB9MuI4vhL3tX
Score

10^/10

qakbot bb06 1668610672 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6