qakbot | 149a7c7ad1a0d20846519e899d210ff89ac22c580e6e5adf9d57d63df7ba8fce

General

Target

QI20.img
Size

848KB
Sample

221118-pcdg2shc73
MD5

410200867498641e764750c31cc5d896
SHA1

0afadc99efadcde8722c8b1cd7a9ed8ce1cb71c4
SHA256

149a7c7ad1a0d20846519e899d210ff89ac22c580e6e5adf9d57d63df7ba8fce
SHA512

094d397799932622658eac7f3d2ed3929fe847e8b9d55a20adba7a213cc3b2ee5a32c1c57240caf2507a51d254d5d0d0f7ad8ee7e9e82e74cdd11f66a5fa6711
SSDEEP

12288:Co7VN9gjGfBlxYUWlaVxbYUGOpGPq1Tu/VxdZlUP9Xq4F/9:Co7VN9gjkjW8wWpD9u/VLM9Xq4n

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668683197

C2

23.240.47.58:995

12.172.173.82:465

91.169.12.198:32100

94.63.65.146:443

80.13.179.151:2222

64.207.237.118:443

24.206.27.39:443

83.114.60.6:2222

86.171.75.63:443

86.195.32.149:2222

170.253.25.35:443

92.185.204.18:2078

157.231.42.190:995

170.249.59.153:443

174.101.111.4:443

116.74.163.152:443

76.80.180.154:995

180.151.104.143:443

86.130.9.167:2222

86.99.15.243:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  QI20.img
- Size
  
  848KB
- MD5
  
  410200867498641e764750c31cc5d896
- SHA1
  
  0afadc99efadcde8722c8b1cd7a9ed8ce1cb71c4
- SHA256
  
  149a7c7ad1a0d20846519e899d210ff89ac22c580e6e5adf9d57d63df7ba8fce
- SHA512
  
  094d397799932622658eac7f3d2ed3929fe847e8b9d55a20adba7a213cc3b2ee5a32c1c57240caf2507a51d254d5d0d0f7ad8ee7e9e82e74cdd11f66a5fa6711
- SSDEEP
  
  12288:Co7VN9gjGfBlxYUWlaVxbYUGOpGPq1Tu/VxdZlUP9Xq4F/9:Co7VN9gjkjW8wWpD9u/VLM9Xq4n
Score

3^/10
behavioral1 behavioral2
- Target
  
  WW.js
- Size
  
  9KB
- MD5
  
  2f011ed703d0994b0dd790e8203cf2ab
- SHA1
  
  77dba4958a3855fc82b2451b4a440aa8f14526f6
- SHA256
  
  b339c5b7618cb29cbefeca830e13c8eb926cbcfe5986e31468b82d51a6c2a6bd
- SHA512
  
  460202b536dcec370a46c515482b05251cf629e589b2178b18dd804d358efb4f8ac18ffecdbdf40c20e23c2ec059dbd60389262a0737a335c4248039ad1dcb34
- SSDEEP
  
  192:jJSLjDJq0Tavgx685UIroAKbP2KTMhS0OGYm5llWVjAvNzAWMuEvk7MgG+r5A6:QVq2k785UIro8KTMhSeYm5P2jiuuEjP4
Score

10^/10

qakbot bb06 1668683197 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  port/signs.tmp
- Size
  
  691KB
- MD5
  
  ae7c5ba2d077c0197e984f4bcf715467
- SHA1
  
  ec9c1688c717c7d8f9e9ab65a69ca372b21bc78a
- SHA256
  
  aa79ec7a5045a397822c5933468bcfd2955c8575c447e1f4cf64315ee0ccb84a
- SHA512
  
  5b087ed336c487ab0acf9eb5e71c0d9fab7c79855c3e1d560c5094db0e0bfe63babd042c7dc4d777da4d0d44970ef95fe69a0c83858fb1216acf92bf503750d2
- SSDEEP
  
  12288:sjGfBlxYUWlaVxbYUGOpGPq1Tu/VxdZlUP9Xq4F/9:sjkjW8wWpD9u/VLM9Xq4n
Score

10^/10

qakbot bb06 1668683197 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6