qakbot | 0800502185324ef69b6c9eadef31460151a0a7fea21f1115e41fff7ee3a911cd

General

Target

IC86.img
Size

970KB
Sample

221118-f9228scf2w
MD5

5a47bdc7adf63e6f5a7abe33a40183bb
SHA1

85b686a0fddc5382ae477a93ff31b9c54574614b
SHA256

0800502185324ef69b6c9eadef31460151a0a7fea21f1115e41fff7ee3a911cd
SHA512

ddcc0e67dac58c6481d5c7e2deb9b42855077af8dce4817263909a87f9fa80547ca225d7ae270bc73ddca4b568caf853a950afc8ef6281d646ad974d843e9649
SSDEEP

12288:Eo96F+DfZxL4+Dir8lkQ5z4hb2mKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:Eo96F+DRt4Tr8lkBhSp2QOUDKw9

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668670510

C2

86.225.214.138:2222

71.183.236.133:443

182.66.197.35:443

70.66.199.12:443

76.80.180.154:995

180.151.104.143:443

92.149.205.238:2222

83.110.223.247:443

183.87.31.34:443

105.103.50.1:990

103.141.50.117:995

105.103.50.1:465

105.103.50.1:22

86.130.9.167:2222

86.99.15.243:2222

90.104.22.28:2222

172.117.139.142:995

176.142.207.63:443

142.161.27.232:2222

71.247.10.63:50003

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  IC86.img
- Size
  
  970KB
- MD5
  
  5a47bdc7adf63e6f5a7abe33a40183bb
- SHA1
  
  85b686a0fddc5382ae477a93ff31b9c54574614b
- SHA256
  
  0800502185324ef69b6c9eadef31460151a0a7fea21f1115e41fff7ee3a911cd
- SHA512
  
  ddcc0e67dac58c6481d5c7e2deb9b42855077af8dce4817263909a87f9fa80547ca225d7ae270bc73ddca4b568caf853a950afc8ef6281d646ad974d843e9649
- SSDEEP
  
  12288:Eo96F+DfZxL4+Dir8lkQ5z4hb2mKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:Eo96F+DRt4Tr8lkBhSp2QOUDKw9
Score

3^/10
behavioral1 behavioral2
- Target
  
  WW.js
- Size
  
  9KB
- MD5
  
  127351d9299d91db24e0b4a4f6c3c73f
- SHA1
  
  f31731d0e31e04b28fd9e8c8aa0bc57f6bbcb80d
- SHA256
  
  92fa8c7848e15ad0d31dd5d692ebc5f25c59dda6ee49ea25d8834a6ccbe1d1af
- SHA512
  
  5df88697232fa263e15f1ddf3a33cdc5d050cf783824b1796ca85d9a71c846c36f9ae61aaf3df69ea0ce4347e9a42efa2df5bcae13000771166673e7b5366fff
- SSDEEP
  
  192:eSLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:ZVq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  animators/circulated.tmp
- Size
  
  835KB
- MD5
  
  2c746ea9b29d5eb19c9164a3f8b7e946
- SHA1
  
  b1956dd11f95036e4c54f3ea99347e3600196d3c
- SHA256
  
  df0c7720a7c4f06aa2a64f01da1ed9baca73c82233c606891ee8b02f26b8af27
- SHA512
  
  70b510b1815b817e1cdfe9e4e6daabbbef1586dbf5527aafc7ae23c7a74e1f2bff9782f6780ab3dd884283f8e91a5628a70f54cced1bd19c99c6bd31bb8dd4d9
- SSDEEP
  
  12288:T6F+DfZxL4+Dir8lkQ5z4hb2mKFX4GfOs5VBNYRbWAUWWvoYPiwBP:T6F+DRt4Tr8lkBhSp2QOU
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6