qakbot | 58ebb57b6d1df9dec1d944d6c0978825b5ee734515199960d324f8c83c949376

General

Target

SR92.img
Size

970KB
Sample

221117-y7py1abe9v
MD5

d242dfa93ab741ebdac6525270ea27cf
SHA1

3d2b86aff1567287f8745fa6697cf6ec7dd87800
SHA256

58ebb57b6d1df9dec1d944d6c0978825b5ee734515199960d324f8c83c949376
SHA512

514a3ac03e226018d5e2a03ac98603f36be4cd9dd634d7e4df72298c6a3c8b28de13e643d483b77becf576bbcaed993f6b16cfacd37180e7ab50ed987f2cab09
SSDEEP

12288:yoN6F+DfZxL4+Dir8lkQ5z4hbgmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:yoN6F+DRt4Tr8lkBhcp2QOUDKw9

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668670510

C2

86.225.214.138:2222

71.183.236.133:443

182.66.197.35:443

70.66.199.12:443

76.80.180.154:995

180.151.104.143:443

92.149.205.238:2222

83.110.223.247:443

183.87.31.34:443

105.103.50.1:990

103.141.50.117:995

105.103.50.1:465

105.103.50.1:22

86.130.9.167:2222

86.99.15.243:2222

90.104.22.28:2222

172.117.139.142:995

176.142.207.63:443

142.161.27.232:2222

71.247.10.63:50003

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  SR92.img
- Size
  
  970KB
- MD5
  
  d242dfa93ab741ebdac6525270ea27cf
- SHA1
  
  3d2b86aff1567287f8745fa6697cf6ec7dd87800
- SHA256
  
  58ebb57b6d1df9dec1d944d6c0978825b5ee734515199960d324f8c83c949376
- SHA512
  
  514a3ac03e226018d5e2a03ac98603f36be4cd9dd634d7e4df72298c6a3c8b28de13e643d483b77becf576bbcaed993f6b16cfacd37180e7ab50ed987f2cab09
- SSDEEP
  
  12288:yoN6F+DfZxL4+Dir8lkQ5z4hbgmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:yoN6F+DRt4Tr8lkBhcp2QOUDKw9
Score

3^/10
behavioral1 behavioral2
- Target
  
  WW.js
- Size
  
  9KB
- MD5
  
  4a361f400a686c12b6f668065fb54862
- SHA1
  
  8ffde38834a10fb538bd352e9a82c5887ee1a65d
- SHA256
  
  ea1710c0d9b8d384d4bcfbf308df5e28e87cc1a5175cfa5067567a7de2a1063d
- SHA512
  
  6789c1ba09198975890b27eee921e943e996471ed97dbd9796fe54845b0c467e56ba86ffdabd74ef618a3cb756fbb8830c6a0a229aab7be7bd45481c3369169c
- SSDEEP
  
  192:rSLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:iVq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  animators/dearer.tmp
- Size
  
  835KB
- MD5
  
  94a988217a3d87446c79ef01a7ce19af
- SHA1
  
  0670f2027b6055d198851127f2745aa13e1a1bb5
- SHA256
  
  7b9c3041c8f80c290bc54d2c6b521fb08fc38a0bcc6dbf268bc0560cf7c513ec
- SHA512
  
  c163da3497dd734f909e4c5522e10cb3d6f76a40a103b95beedabe08034d279e549a640677a29ec38a2e6cc7c01d80a1bcadb63538573b6eff3250a07a0849ad
- SSDEEP
  
  12288:T6F+DfZxL4+Dir8lkQ5z4hbgmKFX4GfOs5VBNYRbWAUWWvoYPiwBP:T6F+DRt4Tr8lkBhcp2QOU
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6