qakbot | 82bd14bf451e0123666b30b95583e361d173aa6410378bbdac29017c8467cf5a

General

Target

XQ47.img
Size

970KB
Sample

221118-mp5e7ada9z
MD5

60f808824bc9ec607a2b6a5b0a5a3f31
SHA1

1eb6a55c30f0e548c244fde1ab6fb1747fd1f6cd
SHA256

82bd14bf451e0123666b30b95583e361d173aa6410378bbdac29017c8467cf5a
SHA512

afa2e77ad2aa5f67b66738ed553387af6a4b49d88a1b9c6cc1a6cf2bd65920d5114471d0a20f443a0f3493a20db2ef7cadd86a8a986091fd2a46ca851c11db98
SSDEEP

12288:IokKwnON76F+DfZxL4+Dir8lkQ5z4hbImKFX4GfOs5VBNYRbWAUWWvoYPiwBP2vo:IokKwW6F+DRt4Tr8lkBhUp2QOUZ

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668670510

C2

86.225.214.138:2222

71.183.236.133:443

182.66.197.35:443

70.66.199.12:443

76.80.180.154:995

180.151.104.143:443

92.149.205.238:2222

83.110.223.247:443

183.87.31.34:443

105.103.50.1:990

103.141.50.117:995

105.103.50.1:465

105.103.50.1:22

86.130.9.167:2222

86.99.15.243:2222

90.104.22.28:2222

172.117.139.142:995

176.142.207.63:443

142.161.27.232:2222

71.247.10.63:50003

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Extracted

Family

qakbot

Attributes

salt
~�w%��N$��0��U��J��m�/(

Targets

- Target
  
  XQ47.img
- Size
  
  970KB
- MD5
  
  60f808824bc9ec607a2b6a5b0a5a3f31
- SHA1
  
  1eb6a55c30f0e548c244fde1ab6fb1747fd1f6cd
- SHA256
  
  82bd14bf451e0123666b30b95583e361d173aa6410378bbdac29017c8467cf5a
- SHA512
  
  afa2e77ad2aa5f67b66738ed553387af6a4b49d88a1b9c6cc1a6cf2bd65920d5114471d0a20f443a0f3493a20db2ef7cadd86a8a986091fd2a46ca851c11db98
- SSDEEP
  
  12288:IokKwnON76F+DfZxL4+Dir8lkQ5z4hbImKFX4GfOs5VBNYRbWAUWWvoYPiwBP2vo:IokKwW6F+DRt4Tr8lkBhUp2QOUZ
Score

3^/10
behavioral1 behavioral2
- Target
  
  WW.js
- Size
  
  9KB
- MD5
  
  a872e3c9f15ee0c22fd626f76df21ad3
- SHA1
  
  67908e73cd9a47a6dbdb9076e5e6d368a9a4e346
- SHA256
  
  805b3ea38c61bb253da583a398341b1f252b90fb386489e69d1ba721c759d084
- SHA512
  
  8b7fa01ac06bc3bf15f388cfc605eec5fb9edbcabd981a38046a76d817e3f1c1e108100b0df1e5516a1a22511451ddbd8c92a7dfbe92b47e30c5c1083966d5d4
- SSDEEP
  
  192:USLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:DVq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  animators/slice.tmp
- Size
  
  835KB
- MD5
  
  8b46c51c1c16214456ecf543f2c5f473
- SHA1
  
  682bbd33e17e1885b8d7d89a80e7b803322c23d8
- SHA256
  
  6e0adb73b6c18ad39ba761bdd0099dcffc56269253714deb7a9b5dcc103693ba
- SHA512
  
  53d5aa471abc4604490a090e0dea41b30f1aad0df561973346eb4b37ad264d5bad546daa9e688bd01560aed79d2a33dbe8aee29a5a573bab32b4327458b4c5a3
- SSDEEP
  
  12288:T6F+DfZxL4+Dir8lkQ5z4hbImKFX4GfOs5VBNYRbWAUWWvoYPiwBP:T6F+DRt4Tr8lkBhUp2QOU
Score

10^/10

qakbot bb06 1668670510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6