qakbot | 9f21a2f7516cf1fcb3006254024a6b388535c2ebfe5ada1265f1540dd963b0d9

General

Target

ZX02.img
Size

970KB
Sample

221118-jz65zsgh62
MD5

161a419d4570260e98a556591f682141
SHA1

166cbe7ee10075a03e010e3061fa8e1540aa6373
SHA256

9f21a2f7516cf1fcb3006254024a6b388535c2ebfe5ada1265f1540dd963b0d9
SHA512

72e5d667d21c6d00b2483ba8ddeb3ddb4046669a9700ac29918248342b9b54b7ad6c277d11820f5897bb14f22d38c77a4860afb9d31b5623a6e16ca854d56a90
SSDEEP

12288:Eon6F+DfZxL4+Dir8lkQ5z4hbUmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:Eon6F+DRt4Tr8lkBh4p2QOUDKw9

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668670510

C2

86.225.214.138:2222

71.183.236.133:443

182.66.197.35:443

70.66.199.12:443

76.80.180.154:995

180.151.104.143:443

92.149.205.238:2222

83.110.223.247:443

183.87.31.34:443

105.103.50.1:990

103.141.50.117:995

105.103.50.1:465

105.103.50.1:22

86.130.9.167:2222

86.99.15.243:2222

90.104.22.28:2222

172.117.139.142:995

176.142.207.63:443

142.161.27.232:2222

71.247.10.63:50003

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  ZX02.img
- Size
  
  970KB
- MD5
  
  161a419d4570260e98a556591f682141
- SHA1
  
  166cbe7ee10075a03e010e3061fa8e1540aa6373
- SHA256
  
  9f21a2f7516cf1fcb3006254024a6b388535c2ebfe5ada1265f1540dd963b0d9
- SHA512
  
  72e5d667d21c6d00b2483ba8ddeb3ddb4046669a9700ac29918248342b9b54b7ad6c277d11820f5897bb14f22d38c77a4860afb9d31b5623a6e16ca854d56a90
- SSDEEP
  
  12288:Eon6F+DfZxL4+Dir8lkQ5z4hbUmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:Eon6F+DRt4Tr8lkBh4p2QOUDKw9
Score

3^/10
behavioral1 behavioral2
- Target
  
  WW.js
- Size
  
  9KB
- MD5
  
  7ae9aaf1d9bb97e92f189dd06f8ea818
- SHA1
  
  da44c149cbff9539fa666cc7e738a014f0093c2d
- SHA256
  
  4285c1ab7af22997ba62a6e6525d96d4534a75112e4b821d6b8a2f999cd50faa
- SHA512
  
  a0be06feb761a27e16ff30477f338a00417bea027bc9de620392179cc53470fc7d80ecf70ff3425ce00a8b2daf77aa0f218f83f715b3c7a19f070daa4b6facdc
- SSDEEP
  
  192:CSLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:NVq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  animators/bedbugs.tmp
- Size
  
  835KB
- MD5
  
  aef4d8a5e7bdc38a157e1c46519082fb
- SHA1
  
  63f90efe0f51b7051be4afab2997b1aa53bb7028
- SHA256
  
  4366f175255a83c85c95070c02435f3a51f6db2cc71e2f0ea7dd13421e03da8f
- SHA512
  
  342fdf2028e1d5bc51137ee630e43baa3d0a4ba0363cad7a12f6ca33c1629d8fa8323c9de9184fdd21b69ac81a9a9c3a417c5e87e09267c0c0a956de27005c67
- SSDEEP
  
  12288:T6F+DfZxL4+Dir8lkQ5z4hbUmKFX4GfOs5VBNYRbWAUWWvoYPiwBP:T6F+DRt4Tr8lkBh4p2QOU
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6