qakbot | f4f7a862e6a66c57d07d5d54f604d7381a417a1640b7095b1f60afbad72c5dcb

General

Target

UL24.img
Size

970KB
Sample

221118-k3336sha69
MD5

3e4fb0bf16a5836f5a05dba6f994a97f
SHA1

24d7736ae94ee1bbe0637f02e2ac2bb3afeb3cd9
SHA256

f4f7a862e6a66c57d07d5d54f604d7381a417a1640b7095b1f60afbad72c5dcb
SHA512

d78ee9bc6b5f2701795f06ef34f3d63b936dcf3632a1c088804648d8ad8a0b61cdf6403e9a1ec68ed4815c69a8af6ed944f7625ee57685de38beedabe6d315a4
SSDEEP

12288:ZoF6F+DfZxL4+Dir8lkQ5z4hbTmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:ZoF6F+DRt4Tr8lkBh3p2QOUDKw9

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668670510

C2

86.225.214.138:2222

71.183.236.133:443

182.66.197.35:443

70.66.199.12:443

76.80.180.154:995

180.151.104.143:443

92.149.205.238:2222

83.110.223.247:443

183.87.31.34:443

105.103.50.1:990

103.141.50.117:995

105.103.50.1:465

105.103.50.1:22

86.130.9.167:2222

86.99.15.243:2222

90.104.22.28:2222

172.117.139.142:995

176.142.207.63:443

142.161.27.232:2222

71.247.10.63:50003

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  UL24.img
- Size
  
  970KB
- MD5
  
  3e4fb0bf16a5836f5a05dba6f994a97f
- SHA1
  
  24d7736ae94ee1bbe0637f02e2ac2bb3afeb3cd9
- SHA256
  
  f4f7a862e6a66c57d07d5d54f604d7381a417a1640b7095b1f60afbad72c5dcb
- SHA512
  
  d78ee9bc6b5f2701795f06ef34f3d63b936dcf3632a1c088804648d8ad8a0b61cdf6403e9a1ec68ed4815c69a8af6ed944f7625ee57685de38beedabe6d315a4
- SSDEEP
  
  12288:ZoF6F+DfZxL4+Dir8lkQ5z4hbTmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:ZoF6F+DRt4Tr8lkBh3p2QOUDKw9
Score

3^/10
behavioral1 behavioral2
- Target
  
  WW.js
- Size
  
  9KB
- MD5
  
  09530aa91de02a56df9bf8fb729deabc
- SHA1
  
  dc0b511ab41f9fda8b9be7e97fd03f9dea5f504d
- SHA256
  
  749f57cc2420c51041d0bd795ffcce5398f39b67bd4e061ea31367644990dbea
- SHA512
  
  c2acf41950746d8d4880c009e5c75652fd212c00f5b91b0792e53a68f935e70c3fee0ccac24393632bd2ae509a0a712d4f70ef701b4da4cc3c77858e8b27056f
- SSDEEP
  
  192:wSLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:/Vq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  animators/consists.tmp
- Size
  
  835KB
- MD5
  
  6e3e637f522afd4b379e212f1a577d48
- SHA1
  
  81be8b6655aa714d4eb6f575272b639f05a44b72
- SHA256
  
  9522c6abc1e08e7b8f66352bb783a7252645a13cbcd6fb564ab9b94c44594365
- SHA512
  
  104b57651b5d2e6da8cc4acd703ea343fe97d3bd02fe7ca1743660a852cd79eec9c365ccc5fe2f17917a82d150d1f7c62a585b655b8b37ba07c139e76f789fbe
- SSDEEP
  
  12288:T6F+DfZxL4+Dir8lkQ5z4hbTmKFX4GfOs5VBNYRbWAUWWvoYPiwBP:T6F+DRt4Tr8lkBh3p2QOU
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6