qakbot | 772f87511e89cdf3d1f80a79eeef6ad15b0c03b9d5b06f961ac73b3b3cfe311f

General

Target

LW18.img
Size

970KB
Sample

221117-zq3dfafg53
MD5

4b7e51ded159f5554aea40bc701fbc59
SHA1

3a82b56219b4cdf36125313c3d89a6c9497525a1
SHA256

772f87511e89cdf3d1f80a79eeef6ad15b0c03b9d5b06f961ac73b3b3cfe311f
SHA512

13f13d2c45920cc3549820cbc1c2f8eab9884a947f6e03e7facb569d638a0ce40b10d98d1f591c7997c0e67fb6f25878234242391b0116a95f8f2ae8cf640a8a
SSDEEP

12288:woEKwnONVvoo6F+DfZxL4+Dir8lkQ5z4hbzmKFX4GfOs5VBNYRbWAUWWvoYPiwBP:woEKw9o6F+DRt4Tr8lkBhfp2QOU

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668670510

C2

86.225.214.138:2222

71.183.236.133:443

182.66.197.35:443

70.66.199.12:443

76.80.180.154:995

180.151.104.143:443

92.149.205.238:2222

83.110.223.247:443

183.87.31.34:443

105.103.50.1:990

103.141.50.117:995

105.103.50.1:465

105.103.50.1:22

86.130.9.167:2222

86.99.15.243:2222

90.104.22.28:2222

172.117.139.142:995

176.142.207.63:443

142.161.27.232:2222

71.247.10.63:50003

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  LW18.img
- Size
  
  970KB
- MD5
  
  4b7e51ded159f5554aea40bc701fbc59
- SHA1
  
  3a82b56219b4cdf36125313c3d89a6c9497525a1
- SHA256
  
  772f87511e89cdf3d1f80a79eeef6ad15b0c03b9d5b06f961ac73b3b3cfe311f
- SHA512
  
  13f13d2c45920cc3549820cbc1c2f8eab9884a947f6e03e7facb569d638a0ce40b10d98d1f591c7997c0e67fb6f25878234242391b0116a95f8f2ae8cf640a8a
- SSDEEP
  
  12288:woEKwnONVvoo6F+DfZxL4+Dir8lkQ5z4hbzmKFX4GfOs5VBNYRbWAUWWvoYPiwBP:woEKw9o6F+DRt4Tr8lkBhfp2QOU
Score

3^/10
behavioral1 behavioral2
- Target
  
  WW.js
- Size
  
  9KB
- MD5
  
  dc9f1b8f4a5c493639f1bf450d0f9f3a
- SHA1
  
  619ec6fc365a17707a65289675d2e6174f88e3da
- SHA256
  
  dbe33c7907ca078adde08d8f4ef29eb6f3cad87a7ed7ce7075db05916f1acb8b
- SHA512
  
  55106749379a1264a28812203b4777036f0202b6d343cae432310147d3674b4238ae84cd317390b857cbdec59c2b1026225eb4ff049ad9c334535090dd108c33
- SSDEEP
  
  192:7SLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:SVq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  animators/underhandedly.tmp
- Size
  
  835KB
- MD5
  
  b9aa80521f7829481b1e77ca88004c20
- SHA1
  
  680ca2054f703e81f0e2a9bf692f72cdb37f244b
- SHA256
  
  ee9ac7ca303808eb2efb816d49ae39b7181eabfe656403654b791177e7a69eda
- SHA512
  
  763fcc9b188ba4932129e0f40ec0f2a30cedeb0e8370195f45388c7438a43f6076dcec8ed7a3a8db0c51501355f1f5dc345ba37cb3c4ced776c7fbb9cb553953
- SSDEEP
  
  12288:T6F+DfZxL4+Dir8lkQ5z4hbzmKFX4GfOs5VBNYRbWAUWWvoYPiwBP:T6F+DRt4Tr8lkBhfp2QOU
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6