qakbot | 645734102dbed0dc15bc201a6862736578b8a62283cb77ed21cd09a3ee63d80e

General

Target

EJ71.img
Size

970KB
Sample

221118-lme7vaha99
MD5

ccda9db28014a6de99eab5a8c0de8084
SHA1

6d598febb051a0c456bcd88318d0aea7b9833915
SHA256

645734102dbed0dc15bc201a6862736578b8a62283cb77ed21cd09a3ee63d80e
SHA512

c235336fb9bc5d29d0bf6c9503e8ce5316cc8df553e670b510d8a6a752828edf02e9d7550391e9dda86ee6736d7cb68f579129c0826dc3ad9568b083d3a3fc47
SSDEEP

12288:NoF6F+DfZxL4+Dir8lkQ5z4hbMmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:NoF6F+DRt4Tr8lkBhYp2QOUDKw9

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668670510

C2

86.225.214.138:2222

71.183.236.133:443

182.66.197.35:443

70.66.199.12:443

76.80.180.154:995

180.151.104.143:443

92.149.205.238:2222

83.110.223.247:443

183.87.31.34:443

105.103.50.1:990

103.141.50.117:995

105.103.50.1:465

105.103.50.1:22

86.130.9.167:2222

86.99.15.243:2222

90.104.22.28:2222

172.117.139.142:995

176.142.207.63:443

142.161.27.232:2222

71.247.10.63:50003

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  EJ71.img
- Size
  
  970KB
- MD5
  
  ccda9db28014a6de99eab5a8c0de8084
- SHA1
  
  6d598febb051a0c456bcd88318d0aea7b9833915
- SHA256
  
  645734102dbed0dc15bc201a6862736578b8a62283cb77ed21cd09a3ee63d80e
- SHA512
  
  c235336fb9bc5d29d0bf6c9503e8ce5316cc8df553e670b510d8a6a752828edf02e9d7550391e9dda86ee6736d7cb68f579129c0826dc3ad9568b083d3a3fc47
- SSDEEP
  
  12288:NoF6F+DfZxL4+Dir8lkQ5z4hbMmKFX4GfOs5VBNYRbWAUWWvoYPiwBPhKwnONVvo:NoF6F+DRt4Tr8lkBhYp2QOUDKw9
Score

3^/10
behavioral1 behavioral2
- Target
  
  WW.js
- Size
  
  9KB
- MD5
  
  72b59f71cfd39fdb5fea1488630fc8c8
- SHA1
  
  fd478c2a12d42d6c255261cf64dd1b3019c6eaf6
- SHA256
  
  f994c132ff92e19620c2f5415cd15be7df82bbea5ab39cc277c8b2e39371cb34
- SHA512
  
  323d8c112de2e035038a6a26d04b0ab2019c8fd721c382408c1a886d96447147d714ac8af3735f85a2e1b975cce43d12521ee79ae0b36ab4fe927e013547cd2d
- SSDEEP
  
  192:cSLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:LVq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  animators/critique.tmp
- Size
  
  835KB
- MD5
  
  d76374599fef9172138c102ffbd97abc
- SHA1
  
  9c9e34e145c7f2093c50ebf74fe315ced7f80904
- SHA256
  
  068e8450a3be82283779dea7a95fbaedeeeab583989f6fe9959d28abf9101607
- SHA512
  
  45b4ac663f06ff55d7835d8bfac11513886b1d1f6a251b82fc619efdad0a57b9e71178cd06084cf1cd23a3cc978eacb92138a251cb3dca1f49f44d07ccbd51d3
- SSDEEP
  
  12288:T6F+DfZxL4+Dir8lkQ5z4hbMmKFX4GfOs5VBNYRbWAUWWvoYPiwBP:T6F+DRt4Tr8lkBhYp2QOU
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6