qakbot | 114c6067d10194b8638eba3f01e6c3e44576d09d74546b7014d637b352b10e23

General

Target

AB63.img
Size

970KB
Sample

221118-emp9gsce5x
MD5

728ca18376d08499c84ef75beaa30de5
SHA1

989d0f183ff6c188dc10aaf2d2685521dad61ead
SHA256

114c6067d10194b8638eba3f01e6c3e44576d09d74546b7014d637b352b10e23
SHA512

0b56d6ca945e01f46a1b73c5f2bae877827af44a06bd854c3a116fa3de621f5b5509e55d7a9d16d96a459c2a446f01b5a7d3a5b129b92a68b799f47a78639b1d
SSDEEP

12288:Mo16F+DfZxL4+Dir8lkQ5z4hbUmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:Mo16F+DRt4Tr8lkBhQp2QOUDKw9

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668670510

C2

86.225.214.138:2222

71.183.236.133:443

182.66.197.35:443

70.66.199.12:443

76.80.180.154:995

180.151.104.143:443

92.149.205.238:2222

83.110.223.247:443

183.87.31.34:443

105.103.50.1:990

103.141.50.117:995

105.103.50.1:465

105.103.50.1:22

86.130.9.167:2222

86.99.15.243:2222

90.104.22.28:2222

172.117.139.142:995

176.142.207.63:443

142.161.27.232:2222

71.247.10.63:50003

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AB63.img
- Size
  
  970KB
- MD5
  
  728ca18376d08499c84ef75beaa30de5
- SHA1
  
  989d0f183ff6c188dc10aaf2d2685521dad61ead
- SHA256
  
  114c6067d10194b8638eba3f01e6c3e44576d09d74546b7014d637b352b10e23
- SHA512
  
  0b56d6ca945e01f46a1b73c5f2bae877827af44a06bd854c3a116fa3de621f5b5509e55d7a9d16d96a459c2a446f01b5a7d3a5b129b92a68b799f47a78639b1d
- SSDEEP
  
  12288:Mo16F+DfZxL4+Dir8lkQ5z4hbUmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:Mo16F+DRt4Tr8lkBhQp2QOUDKw9
Score

3^/10
behavioral1 behavioral2
- Target
  
  WW.js
- Size
  
  9KB
- MD5
  
  6522ad4f1e1620d242c5a76a3abd26ef
- SHA1
  
  b39d6a4b0989717ec089ea2e07e69662e7a1c5d9
- SHA256
  
  489be1bddb7b9af349836dfd5fc52cc35a7c620f7fbb3c6130be5f65c220e111
- SHA512
  
  385b5a8b1b62cfe3a142ec1a7672c46e4c21427a1d8a4aaaf20c6397adf3f621ddd1be40177520a6eefa92d5ac25ef919f588a09ee558cad4c3c8b697cd85d76
- SSDEEP
  
  192:0SLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:jVq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  animators/extrapolates.tmp
- Size
  
  835KB
- MD5
  
  e3de48fdfb03f78db7fd9c16f994d732
- SHA1
  
  d538a3cfd2e2c97c210ffa4decb58cf653f21f25
- SHA256
  
  1fa7fa49515c4e65daad6e88feab8498624cb577a722419d193f179a1b03dbb5
- SHA512
  
  306959e0216481d9238a4237c7a891688721e7c186d44d158d623a452d7e330471b59d38613144afa5a71844d4fc4eeca9f93b89dea9f3dc22569c6bb27a15be
- SSDEEP
  
  12288:T6F+DfZxL4+Dir8lkQ5z4hbUmKFX4GfOs5VBNYRbWAUWWvoYPiwBP:T6F+DRt4Tr8lkBhQp2QOU
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6