qakbot | 8174b9c587ff701b87e200c07d7f43c4234f54e8687ced20dab2b33abbf2d52f

General

Target

FW01.img
Size

970KB
Sample

221117-xkbmesbc4t
MD5

da734a9e9845b15d7940a9c4ef282310
SHA1

4b09ec306d2eb38dacf8da717765f87cf613bb2b
SHA256

8174b9c587ff701b87e200c07d7f43c4234f54e8687ced20dab2b33abbf2d52f
SHA512

fd9f9b7ef483d8484149b130ab4165bf1afb58e79469591cf8d55a371432812ba86763c503f82d1112a232f619bbb8cdd69f6ded6f96ab4696d68badd4b2bc50
SSDEEP

12288:SoEKwnONVvoo6F+DfZxL4+Dir8lkQ5z4hb5mKFX4GfOs5VBNYRbWAUWWvoYPiwBP:SoEKw9o6F+DRt4Tr8lkBhdp2QOU

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668670510

C2

86.225.214.138:2222

71.183.236.133:443

182.66.197.35:443

70.66.199.12:443

76.80.180.154:995

180.151.104.143:443

92.149.205.238:2222

83.110.223.247:443

183.87.31.34:443

105.103.50.1:990

103.141.50.117:995

105.103.50.1:465

105.103.50.1:22

86.130.9.167:2222

86.99.15.243:2222

90.104.22.28:2222

172.117.139.142:995

176.142.207.63:443

142.161.27.232:2222

71.247.10.63:50003

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  FW01.img
- Size
  
  970KB
- MD5
  
  da734a9e9845b15d7940a9c4ef282310
- SHA1
  
  4b09ec306d2eb38dacf8da717765f87cf613bb2b
- SHA256
  
  8174b9c587ff701b87e200c07d7f43c4234f54e8687ced20dab2b33abbf2d52f
- SHA512
  
  fd9f9b7ef483d8484149b130ab4165bf1afb58e79469591cf8d55a371432812ba86763c503f82d1112a232f619bbb8cdd69f6ded6f96ab4696d68badd4b2bc50
- SSDEEP
  
  12288:SoEKwnONVvoo6F+DfZxL4+Dir8lkQ5z4hb5mKFX4GfOs5VBNYRbWAUWWvoYPiwBP:SoEKw9o6F+DRt4Tr8lkBhdp2QOU
Score

3^/10
behavioral1 behavioral2
- Target
  
  WW.js
- Size
  
  9KB
- MD5
  
  f826212b14871130254da9ea0ca7ec12
- SHA1
  
  9733a4ed7f78fafe6fa144bcc472057a61ab2786
- SHA256
  
  37faba861c19df36ff2e2c59daff718e088e28155f3f58f1783ff7fdacf97679
- SHA512
  
  d96c9971f3d5b713b4b5b2cd0cecaf67454a66d0abf27b2189f35867f857bd7ec871406bccd3f334af1694dceb52bcd3d1c9f807a80840d235ff7ff7e13d2e85
- SSDEEP
  
  192:YSLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:HVq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  animators/supplications.tmp
- Size
  
  835KB
- MD5
  
  4db6b417613a8fcd32f46a874ce6df27
- SHA1
  
  66d099edbc3a634bb31b5ad0f531e18a40a74070
- SHA256
  
  6b59a0e1514108174d751b45ecd54b5841a7fe5a5069cc75be964c9abcea1cf7
- SHA512
  
  f17b04f7c78b55f3086956d5fa22dc8e8154fd797daf3c8f11f49114c2dc8275e3c6fee8f36440f8deca19b27199fc37009860d4027ee801ddac93e88fbafc60
- SSDEEP
  
  12288:T6F+DfZxL4+Dir8lkQ5z4hb5mKFX4GfOs5VBNYRbWAUWWvoYPiwBP:T6F+DRt4Tr8lkBhdp2QOU
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6