qakbot | 0e4f88dca9c0c3c6f3d3e35f3c7c5fd490f435547b46fd763f14fb2a1c7ff9b2

General

Target

ZT48.img
Size

970KB
Sample

221118-gtht4acf4v
MD5

1f356703b734880696ec9c27ebb7b8ce
SHA1

2e282b17bf1113ca28ab0ae9c8e1c48b9b40e031
SHA256

0e4f88dca9c0c3c6f3d3e35f3c7c5fd490f435547b46fd763f14fb2a1c7ff9b2
SHA512

4fe11810eba12f1fd2e9841b546d100337cfb6f5ee24d42f9a5798d9dfec7df2536cc1b8d8b80b83252fcce4306503e4d75aa2112567aff398ed937d9dd542a8
SSDEEP

12288:Fon6F+DfZxL4+Dir8lkQ5z4hbqmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:Fon6F+DRt4Tr8lkBhOp2QOUDKw9

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668670510

C2

86.225.214.138:2222

71.183.236.133:443

182.66.197.35:443

70.66.199.12:443

76.80.180.154:995

180.151.104.143:443

92.149.205.238:2222

83.110.223.247:443

183.87.31.34:443

105.103.50.1:990

103.141.50.117:995

105.103.50.1:465

105.103.50.1:22

86.130.9.167:2222

86.99.15.243:2222

90.104.22.28:2222

172.117.139.142:995

176.142.207.63:443

142.161.27.232:2222

71.247.10.63:50003

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  ZT48.img
- Size
  
  970KB
- MD5
  
  1f356703b734880696ec9c27ebb7b8ce
- SHA1
  
  2e282b17bf1113ca28ab0ae9c8e1c48b9b40e031
- SHA256
  
  0e4f88dca9c0c3c6f3d3e35f3c7c5fd490f435547b46fd763f14fb2a1c7ff9b2
- SHA512
  
  4fe11810eba12f1fd2e9841b546d100337cfb6f5ee24d42f9a5798d9dfec7df2536cc1b8d8b80b83252fcce4306503e4d75aa2112567aff398ed937d9dd542a8
- SSDEEP
  
  12288:Fon6F+DfZxL4+Dir8lkQ5z4hbqmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:Fon6F+DRt4Tr8lkBhOp2QOUDKw9
Score

3^/10
behavioral1 behavioral2
- Target
  
  WW.js
- Size
  
  9KB
- MD5
  
  3061d4a2341556c8602e23b29d269f49
- SHA1
  
  b60e2ed1c077770aa40278d88c26f5a89940a3b3
- SHA256
  
  b40cd8edf5425416d0b4323a8ba3c5eaf59e128de20b7ccbb94afdb334867aa9
- SHA512
  
  1ec2e8be1b7152796da9d934a386890fed35dcb962f5a9821d1856fdf6d1805af0a21960213636c0d2bb8c8b6eef25a6626b29b3555b543497202c57e22eff39
- SSDEEP
  
  192:B9SLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:B4Vq2k785UIro8KTMhSeYm5P2jiuuEjw
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  animators/judaism.tmp
- Size
  
  835KB
- MD5
  
  deb5b5a88129a414316e8c6080a55460
- SHA1
  
  59ee49b98dbec9d60ef7662e15f1a9a57a6760a6
- SHA256
  
  58cdfa80027f08e94212780ffbdbfafc83e7694707095e003b2759597f96dbc0
- SHA512
  
  81338349a2db229b1e991581eb0f18bef37d2f03a862d188f6ec0fa53383f7f448d4f57b6f434d3b2954d8886b243b2eb15a4a31d23d215532dfc8587adff95d
- SSDEEP
  
  12288:T6F+DfZxL4+Dir8lkQ5z4hbqmKFX4GfOs5VBNYRbWAUWWvoYPiwBP:T6F+DRt4Tr8lkBhOp2QOU
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6