qakbot | b866e642c8167ffbeb5d55df5ea8bf2c5e565fd05242ed2a2934a6ca48745153

General

Target

AR37.img
Size

970KB
Sample

221117-yncvbsfe76
MD5

3f430d80f682127c82644220ce17ebcd
SHA1

294f41577e9abaaf39c61d079ed407021d421eff
SHA256

b866e642c8167ffbeb5d55df5ea8bf2c5e565fd05242ed2a2934a6ca48745153
SHA512

a28e112be646337b3848da600823830c2d70e67749dd7402c35643f8af294ef333a2a85e0d50236a3349884dfaab1a3ed570ff8c24ce28f6fe552fc7d1bf9451
SSDEEP

12288:mon6F+DfZxL4+Dir8lkQ5z4hbAmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:mon6F+DRt4Tr8lkBh8p2QOUDKw9

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668670510

C2

86.225.214.138:2222

71.183.236.133:443

182.66.197.35:443

70.66.199.12:443

76.80.180.154:995

180.151.104.143:443

92.149.205.238:2222

83.110.223.247:443

183.87.31.34:443

105.103.50.1:990

103.141.50.117:995

105.103.50.1:465

105.103.50.1:22

86.130.9.167:2222

86.99.15.243:2222

90.104.22.28:2222

172.117.139.142:995

176.142.207.63:443

142.161.27.232:2222

71.247.10.63:50003

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AR37.img
- Size
  
  970KB
- MD5
  
  3f430d80f682127c82644220ce17ebcd
- SHA1
  
  294f41577e9abaaf39c61d079ed407021d421eff
- SHA256
  
  b866e642c8167ffbeb5d55df5ea8bf2c5e565fd05242ed2a2934a6ca48745153
- SHA512
  
  a28e112be646337b3848da600823830c2d70e67749dd7402c35643f8af294ef333a2a85e0d50236a3349884dfaab1a3ed570ff8c24ce28f6fe552fc7d1bf9451
- SSDEEP
  
  12288:mon6F+DfZxL4+Dir8lkQ5z4hbAmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:mon6F+DRt4Tr8lkBh8p2QOUDKw9
Score

3^/10
behavioral1 behavioral2
- Target
  
  WW.js
- Size
  
  9KB
- MD5
  
  d598b1d3a34fa90ca653c83816b24cac
- SHA1
  
  a717d9bbc1c694f4f1b3864a1c6d75a74e9312b0
- SHA256
  
  a9cdec1aca80fcd7cb5d8beee044c3a0c5dd586335d58cc7370e2b7af614d3f0
- SHA512
  
  dccc96a2ecbc014511465088ad6c5cb267088d1dec812d6cf57bc305e6cb165615b4d155b9b226516f2a844e5bd942c54314a107207e47aa12593102fb037d2d
- SSDEEP
  
  192:WSLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:xVq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  animators/burford.tmp
- Size
  
  835KB
- MD5
  
  941a70a1695ba5ed517b8ef86779ee5d
- SHA1
  
  cd983d7a6c7198ebb39f53dd17518ee99b16833f
- SHA256
  
  e0e2c7645c792b922260a02045108ac34eabeb4ab217a23eed8d7846ea456965
- SHA512
  
  66c0eda05387f023e544e0d02e9420dd1447f110cc9a6efdca9dd6401043d2ef7a5ba66ef1f30c07223fd8c3acffe5680ea6402414e609e4fab74f5acd7e71e7
- SSDEEP
  
  12288:T6F+DfZxL4+Dir8lkQ5z4hbAmKFX4GfOs5VBNYRbWAUWWvoYPiwBP:T6F+DRt4Tr8lkBh8p2QOU
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6