qakbot | 53510620eff74591cf84757ae2e89c7bd86eef902a8138f35ba1700e7c95d2ea

Sharing

Copy URL

Twitter E-mail

General

Target

R2494439275.zip
Size

435KB
Sample

221117-v8c42sfb35
MD5

9794a3118496fbd53b901ac76b3cb845
SHA1

550c6fb0d886987f916a98661b22acd9e564729d
SHA256

53510620eff74591cf84757ae2e89c7bd86eef902a8138f35ba1700e7c95d2ea
SHA512

b090952ae59dac34782f9519ca3d089fdadd73dad898cb495df14357e2a3cbd83008817160d2ae765d93691fc44198c4cb50a4e1c4bf26ae3dd5c8d3c48a208d
SSDEEP

12288:bpH2JeyiTBtKADhGj8IGpX4n7mYxEUtoI:521iTBtKAZ3InRSA

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668670510

86.225.214.138:2222

71.183.236.133:443

182.66.197.35:443

70.66.199.12:443

76.80.180.154:995

180.151.104.143:443

92.149.205.238:2222

83.110.223.247:443

183.87.31.34:443

105.103.50.1:990

103.141.50.117:995

105.103.50.1:465

105.103.50.1:22

86.130.9.167:2222

86.99.15.243:2222

90.104.22.28:2222

172.117.139.142:995

176.142.207.63:443

142.161.27.232:2222

71.247.10.63:50003

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  WW.js
- Size
  
  9KB
- MD5
  
  2b84395a9fa598c324760026c9aed1fd
- SHA1
  
  1aea33bcdbe8680ee881c649775abe7d82d7095c
- SHA256
  
  7e47590ed44f3d023b37db587a9abed57b3b8893127a28822d3a2c3af1c713dc
- SHA512
  
  97c8ee02a62a9555f93ad09f218c53c12aff89da1ea089b7c4e95488c342d8e961be0c2df6b0a8f0dde5405731b0d923ba179fa89956082c300f38b97e8811a8
- SSDEEP
  
  192:DSLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:6Vq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  animators/midweek.txt
- Size
  
  49KB
- MD5
  
  0ce0d7b753703b66f3e803a4c4d008f6
- SHA1
  
  1814977fcc30752bbbe82b95425bca9d2bc9a032
- SHA256
  
  b280d91f61ba740673e03068b72302159b6053da345f07b380b69f45b850fb24
- SHA512
  
  bccd71184a0b598499ea15e70f43abab6af6c3a5fee21b2167d8a845cd959d55d0516e44450b65b1da3251bf483c6fb42f938af10fa4b52b8b631f50a58447e2
- SSDEEP
  
  768:AX446KWOKMdW9FWpUwaDTI04vj1j2kWoQ1b1/Hf7I04vjyj2kV:AoQVKb4UwiTchj/tQl1/7c+j/V
Score

1^/10
behavioral3 behavioral4
- Target
  
  animators/shacked.tmp
- Size
  
  835KB
- MD5
  
  d06e0e54a6d4c8a7996f1e2619f1efdf
- SHA1
  
  d689846c783af6786748dce785a422aaeb73bb6c
- SHA256
  
  ed974b2b9e7dd9d96977e605f474f3ba8cfa4b1dbc9f12bbfabda9e06c7b39a7
- SHA512
  
  1323e002dbeffd6a8ca50b9e0f697d1a783c3fcc7315666f26ce5fd3100a4b9b575d480e6da02cfd73191e5b804c969c3e176bd16dc229561549463cf1dd9c38
- SSDEEP
  
  12288:T6F+DfZxL4+Dir8lkQ5z4hbsmKFX4GfOs5VBNYRbWAUWWvoYPiwBP:T6F+DRt4Tr8lkBhgp2QOU
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  animators/soloist.png
- Size
  
  17KB
- MD5
  
  4ce5c6f92b1f92425c5f404d50667c1e
- SHA1
  
  75c25b91aa35c2c30360ce05388e0e7b80fa844c
- SHA256
  
  616c75fededbd575771da0381c8d02c7d0eed117ec061f82027e4a9a0107f259
- SHA512
  
  ffb05e822f01861634bc0f0f81f92d8695471695306b2c3d3017b2b97527c56639ed70b764f4d7a700e2cb0020c414f9082b1ba4f3a604114f5cd8e701ad7ec5
- SSDEEP
  
  384:MintpGIxlBt6ykzQpXd6efLS7+rbaIj3BHnZLy0bDPtkb8:MitoIZt6yk+9L6G3BHnZLy0WY
Score

3^/10
behavioral7 behavioral8
- Target
  
  data.txt
- Size
  
  5B
- MD5
  
  2e24e01ec251c8c851897724d3469520
- SHA1
  
  0ddb51524f91c79380fbfaf345437a960c3c2428
- SHA256
  
  124880061f6255dd7b59b73613ea8d246648be1d34f860b753d4b390c51496d3
- SHA512
  
  537edd95435d2f2687a6ba41f1006bd96f8b4f2882a03f09103cd4d140df7e6116fe10a44d28dfdcd6598424ed33c16477df905a37ad3dd2e4a03784294fa1ab
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10