qakbot | cb0d0468a068236d55f7b432be7ca848656936a942cd25dca9e92dae20a37ae6

General

Target

KX56.img
Size

970KB
Sample

221117-w1wrvsfb83
MD5

2db3d4e055cf8523d3575e3f97effee9
SHA1

4ba2aa41aa7bb7b196c79300a13cd69a20fb4176
SHA256

cb0d0468a068236d55f7b432be7ca848656936a942cd25dca9e92dae20a37ae6
SHA512

5095cec99f7e9830b2fa7a7fa04dca50c9f0bf6cba5fe74998a53a0a7e98a71e025e1a6c9cb946defb4d2a6aa41ef521cd972c72ad72a321a7ad5516d18f1386
SSDEEP

12288:3o2KwnON76F+DfZxL4+Dir8lkQ5z4hb/mKFX4GfOs5VBNYRbWAUWWvoYPiwBP2vo:3o2KwW6F+DRt4Tr8lkBh7p2QOUZ

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668670510

C2

86.225.214.138:2222

71.183.236.133:443

182.66.197.35:443

70.66.199.12:443

76.80.180.154:995

180.151.104.143:443

92.149.205.238:2222

83.110.223.247:443

183.87.31.34:443

105.103.50.1:990

103.141.50.117:995

105.103.50.1:465

105.103.50.1:22

86.130.9.167:2222

86.99.15.243:2222

90.104.22.28:2222

172.117.139.142:995

176.142.207.63:443

142.161.27.232:2222

71.247.10.63:50003

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  KX56.img
- Size
  
  970KB
- MD5
  
  2db3d4e055cf8523d3575e3f97effee9
- SHA1
  
  4ba2aa41aa7bb7b196c79300a13cd69a20fb4176
- SHA256
  
  cb0d0468a068236d55f7b432be7ca848656936a942cd25dca9e92dae20a37ae6
- SHA512
  
  5095cec99f7e9830b2fa7a7fa04dca50c9f0bf6cba5fe74998a53a0a7e98a71e025e1a6c9cb946defb4d2a6aa41ef521cd972c72ad72a321a7ad5516d18f1386
- SSDEEP
  
  12288:3o2KwnON76F+DfZxL4+Dir8lkQ5z4hb/mKFX4GfOs5VBNYRbWAUWWvoYPiwBP2vo:3o2KwW6F+DRt4Tr8lkBh7p2QOUZ
Score

3^/10
behavioral1 behavioral2
- Target
  
  WW.js
- Size
  
  9KB
- MD5
  
  5e76677fc337cb8777207a5369b0e893
- SHA1
  
  d6e57ab3734b49003f2640eb9215b368455aba23
- SHA256
  
  75dd58d87bff66dad28d6360039934502ae4be82e19c4ad3b4d8cf3473399644
- SHA512
  
  201fd060e9e917d909456bb1780fec5438bbb865fcc5a832c21f6e500b658a1d2734d316c38e62f5d6d17bd8fd556bd365e2db957f25515890010efdabd934d1
- SSDEEP
  
  192:tSLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:IVq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  animators/simplicity.tmp
- Size
  
  835KB
- MD5
  
  711c6d41d1a44d79c714e51aefe6955c
- SHA1
  
  127ae959a83f0090cf7146583a5a98ef9f898ee2
- SHA256
  
  0e0fb9323e1aeab7567b89daf2f39bf9422d203d1e0bfc280d56d3082e24da0c
- SHA512
  
  6f5257af68aa3d75c48c320e5d762326138251826773d7c3c6d1964ac2634747006a08c8dd06512b2dde1e04b8d8f0d1d9f2e175da33dc77959e58e98c2de886
- SSDEEP
  
  12288:T6F+DfZxL4+Dir8lkQ5z4hb/mKFX4GfOs5VBNYRbWAUWWvoYPiwBP:T6F+DRt4Tr8lkBh7p2QOU
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6