qakbot | 933437cb7be1291c7eacca4b2418202b147fe664f66ed0c55a937530f9a8b206

General

Target

VP98.img
Size

970KB
Sample

221118-bcvjnsgc39
MD5

88cffdddd39d666b0fca7713c3afc3ec
SHA1

35c8176c54c6687a948e82fa1092cb73c9e4dafc
SHA256

933437cb7be1291c7eacca4b2418202b147fe664f66ed0c55a937530f9a8b206
SHA512

84e6ee6ad72920cbb8ff581f5aea3c5674e9cfcf693bde632d51618eb3946adb29c0b3adb382a178cf063c6e35785c258992da12c0480a2a7e4b310e91112065
SSDEEP

12288:NouKwnON76F+DfZxL4+Dir8lkQ5z4hbbmKFX4GfOs5VBNYRbWAUWWvoYPiwBP2vo:NouKwW6F+DRt4Tr8lkBh3p2QOUZ

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668670510

C2

86.225.214.138:2222

71.183.236.133:443

182.66.197.35:443

70.66.199.12:443

76.80.180.154:995

180.151.104.143:443

92.149.205.238:2222

83.110.223.247:443

183.87.31.34:443

105.103.50.1:990

103.141.50.117:995

105.103.50.1:465

105.103.50.1:22

86.130.9.167:2222

86.99.15.243:2222

90.104.22.28:2222

172.117.139.142:995

176.142.207.63:443

142.161.27.232:2222

71.247.10.63:50003

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  VP98.img
- Size
  
  970KB
- MD5
  
  88cffdddd39d666b0fca7713c3afc3ec
- SHA1
  
  35c8176c54c6687a948e82fa1092cb73c9e4dafc
- SHA256
  
  933437cb7be1291c7eacca4b2418202b147fe664f66ed0c55a937530f9a8b206
- SHA512
  
  84e6ee6ad72920cbb8ff581f5aea3c5674e9cfcf693bde632d51618eb3946adb29c0b3adb382a178cf063c6e35785c258992da12c0480a2a7e4b310e91112065
- SSDEEP
  
  12288:NouKwnON76F+DfZxL4+Dir8lkQ5z4hbbmKFX4GfOs5VBNYRbWAUWWvoYPiwBP2vo:NouKwW6F+DRt4Tr8lkBh3p2QOUZ
Score

3^/10
behavioral1 behavioral2
- Target
  
  WW.js
- Size
  
  9KB
- MD5
  
  f3f958699886f7163634fb5cf8b398ac
- SHA1
  
  34c88276b1303f0bee4ee11f2f1fed589d3ef687
- SHA256
  
  663c1c30a70029edb5e8d81a8af07a1288fcb0450de45c61ca63b71d5cc62439
- SHA512
  
  e7a1bfb8aac55e22d7caad8426e1b939751b52e9c93819230f0b61efade85d9ad29083cbdf1fe1d6bcaa0853912a376bee7e19ba6b6e9701675cdcd51eae6dec
- SSDEEP
  
  192:cSLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:LVq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  animators/punished.tmp
- Size
  
  835KB
- MD5
  
  44452f8be1b6f5c499b5e35e17081fd8
- SHA1
  
  5df69f0b0e9b0b5ec778f1437279e793d0acdf44
- SHA256
  
  ed1235a543b5f7f7bf375db284a8776245fb9ad30296306e135b02b0f30274f7
- SHA512
  
  b29403e2ad7b0fbc9ed5b5a845824f16f44d16eda2baf71a306be1971851012eb04883ad2bd6999a14ec13bfd74bfc8edbd8918e1a3b0c722f33e6466e9c9cb2
- SSDEEP
  
  12288:T6F+DfZxL4+Dir8lkQ5z4hbbmKFX4GfOs5VBNYRbWAUWWvoYPiwBP:T6F+DRt4Tr8lkBh3p2QOU
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6