qakbot | 9d66b492748074940499e799aae67b5ab2017489ac80ce33a02172b54c1c5ff5

General

Target

password SK16.zip
Size

312KB
Sample

221117-vez2qafa35
MD5

4cf8376188667e3e056c03453c2c59a1
SHA1

eb9efc681fee7c96e11e680363813750525fa209
SHA256

9d66b492748074940499e799aae67b5ab2017489ac80ce33a02172b54c1c5ff5
SHA512

41bad241a566afb1e2de2621bd621dcdf4a12c4066e15908263809577b7f6f38ad407e03b21d5f542288830ad4fb9782473ebf02fcf481b8439f0078c9592520
SSDEEP

6144:FNMXrsszxxRswDqNG1sdThCphp1KWKIv51g4quOZU/RxtqTv9dOUiY50q:F+Xw6xR2NCIh+b1Kc1hquaUZDWeUiW0q

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668683197

C2

23.240.47.58:995

12.172.173.82:465

91.169.12.198:32100

94.63.65.146:443

80.13.179.151:2222

64.207.237.118:443

24.206.27.39:443

83.114.60.6:2222

86.171.75.63:443

86.195.32.149:2222

170.253.25.35:443

92.185.204.18:2078

157.231.42.190:995

170.249.59.153:443

174.101.111.4:443

116.74.163.152:443

76.80.180.154:995

180.151.104.143:443

86.130.9.167:2222

86.99.15.243:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  WW.js
- Size
  
  9KB
- MD5
  
  bbce36c69661141e7018c5e04a2d5117
- SHA1
  
  94f3f008b6761181317e8ac50a781d54ad61278f
- SHA256
  
  da55c8c3063610059ba6a80998f9c5f90dd2c5441fbabf64860342440d472992
- SHA512
  
  a06f863f630083e072b6f8a9a0996f36790c922cc46e4b7e1b9d1266f2a47379f79531a86c02bf0a2af7b315a812da2b6816c1ff143bcc20247c4571eed4974e
- SSDEEP
  
  192:jESLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:vVq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot bb06 1668683197 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  port/spokesman.tmp
- Size
  
  691KB
- MD5
  
  70b0d200c9d79227686cb594bdd8176e
- SHA1
  
  9bd21ad68c02f3bdecae647cdd8df771ef799cf2
- SHA256
  
  b1fca64604bf54da33f10ed9757635f53f525b768e1d5d97c17e444926d077dc
- SHA512
  
  a3153a82db5b3308736f6c2241a6108bd91c69d3dd05a936707e4f4012da580ecc666584ac657007107e089d7c7dab6e8be570409fccd621cff0f95e5036396e
- SSDEEP
  
  12288:sjGfBlSYUWlaVxbYUGOpGPq1Tu/VxdZlUP9Xq4F/9:sjkqW8wWpD9u/VLM9Xq4n
Score

10^/10

qakbot bb06 1668683197 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4