qakbot | 577f9b1a94657c99c91ab4b9aa3a3a058d49443ff0b77a1e9a6af5d307813bb3

General

Target

MH05.img
Size

970KB
Sample

221118-jfr7qagh47
MD5

b805f26a0c5736a1608528d96fd4cef7
SHA1

d03a664ea4cc1b158636af707bebdd404a22fd54
SHA256

577f9b1a94657c99c91ab4b9aa3a3a058d49443ff0b77a1e9a6af5d307813bb3
SHA512

cf436e604b679a2249f6300df8182fd03f7f93a4070b58ea319beae23d345670f82eb63713cf0042d64005e5d453b101c3287fbec9ec27109b1c994a760d8f5a
SSDEEP

12288:fo96F+DfZxL4+Dir8lkQ5z4hbrmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:fo96F+DRt4Tr8lkBhnp2QOUDKw9

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668670510

C2

86.225.214.138:2222

71.183.236.133:443

182.66.197.35:443

70.66.199.12:443

76.80.180.154:995

180.151.104.143:443

92.149.205.238:2222

83.110.223.247:443

183.87.31.34:443

105.103.50.1:990

103.141.50.117:995

105.103.50.1:465

105.103.50.1:22

86.130.9.167:2222

86.99.15.243:2222

90.104.22.28:2222

172.117.139.142:995

176.142.207.63:443

142.161.27.232:2222

71.247.10.63:50003

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  MH05.img
- Size
  
  970KB
- MD5
  
  b805f26a0c5736a1608528d96fd4cef7
- SHA1
  
  d03a664ea4cc1b158636af707bebdd404a22fd54
- SHA256
  
  577f9b1a94657c99c91ab4b9aa3a3a058d49443ff0b77a1e9a6af5d307813bb3
- SHA512
  
  cf436e604b679a2249f6300df8182fd03f7f93a4070b58ea319beae23d345670f82eb63713cf0042d64005e5d453b101c3287fbec9ec27109b1c994a760d8f5a
- SSDEEP
  
  12288:fo96F+DfZxL4+Dir8lkQ5z4hbrmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:fo96F+DRt4Tr8lkBhnp2QOUDKw9
Score

3^/10
behavioral1 behavioral2
- Target
  
  WW.js
- Size
  
  9KB
- MD5
  
  ca2ab2c3576ae3429cfe68c1b2667a2a
- SHA1
  
  fdb9783ad484754e95f0bc560a27df5a7f07a98d
- SHA256
  
  7f89d47b5c43c12502abc6f58ee6bbb9d1c4529882328107a060a8b5286d9249
- SHA512
  
  6a3184492010b026517be886eb41f46b9a028a2bd1acc4f5ccfa3294bbe31641bc0f567f86bc37c2e70077a2e40a7004c929ca3498a4af0d6b8b5cf2228483df
- SSDEEP
  
  192:ZSLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:kVq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  animators/integrable.tmp
- Size
  
  835KB
- MD5
  
  46595e775f995cd94e7d8fb0975b3d5a
- SHA1
  
  3dce325744f2eca15be9e5822559c5d10533d376
- SHA256
  
  d1f06b42d6cd9ada13ae1ae6c18d4a8e7e1ba9387d4188b77c226809f862959c
- SHA512
  
  3c792845bf7c1a657c6d0c01bd7c8de3ef7f6744fc7dc61f9f5ccd21d16f3eaf9acd729fb7517e9473777ee54e86ef3613dfa4940eba0b44b71a3b3c99d4cfbf
- SSDEEP
  
  12288:T6F+DfZxL4+Dir8lkQ5z4hbrmKFX4GfOs5VBNYRbWAUWWvoYPiwBP:T6F+DRt4Tr8lkBhnp2QOU
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6