qakbot | 4c6295a1e9244ceee969a40874a7081b7b5071e423f8439f0368fa7d5187b9d9

General

Target

NT67.img
Size

842KB
Sample

221118-pwqxgsdc4s
MD5

7000e4b0a1e3f2ae7e5c67c22c44cb62
SHA1

223bb16d6a62bd34e4fe81d74c74a968b3c1a2d7
SHA256

4c6295a1e9244ceee969a40874a7081b7b5071e423f8439f0368fa7d5187b9d9
SHA512

9b9b4bd4cf90cb4ca7c0541f268defbccbcd55f2a283140685a25a47f12897590f21e096cd498500b927f78878eb09995f89bf1a28a1b21f30aef48f447a2168
SSDEEP

24576:EN5pWbYGQajBp6Pi1YWaw46K8zWcCTijQsC3:yUbzQaNpx1DaIK8ID3

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668752705

C2

98.147.155.235:443

49.175.72.56:443

82.31.37.241:443

73.36.196.11:443

2.84.98.228:2222

188.54.79.88:995

184.153.132.82:443

74.66.134.24:443

172.117.139.142:995

12.172.173.82:990

24.64.114.59:3389

12.172.173.82:2087

78.92.133.215:443

24.64.114.59:2222

50.68.204.71:995

105.184.161.242:443

12.172.173.82:22

221.161.103.6:443

98.145.23.67:443

73.161.176.218:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  NT67.img
- Size
  
  842KB
- MD5
  
  7000e4b0a1e3f2ae7e5c67c22c44cb62
- SHA1
  
  223bb16d6a62bd34e4fe81d74c74a968b3c1a2d7
- SHA256
  
  4c6295a1e9244ceee969a40874a7081b7b5071e423f8439f0368fa7d5187b9d9
- SHA512
  
  9b9b4bd4cf90cb4ca7c0541f268defbccbcd55f2a283140685a25a47f12897590f21e096cd498500b927f78878eb09995f89bf1a28a1b21f30aef48f447a2168
- SSDEEP
  
  24576:EN5pWbYGQajBp6Pi1YWaw46K8zWcCTijQsC3:yUbzQaNpx1DaIK8ID3
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.js
- Size
  
  9KB
- MD5
  
  343f4476934f891e049310cc56ba4a50
- SHA1
  
  141a401dc2dee477066dc54a6b4c0d831478cb2f
- SHA256
  
  686dd8ac348764e5c2d0ff705fdd6360666d612fa11129b2b79bbd779abb17d7
- SHA512
  
  654c0873f0a6368f0ab61e974cb14e5ec02ff79bc0c8be1cd544e17279a08f9326cd9a5cdfc684e0c0d1048c60219fb480de2dc2ec7c4aa89c621105532f6105
- SSDEEP
  
  192:cESLj50Tavgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:052k785UIhp/KTMhSeYmn2jiu5EjP+rs
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  manacle/vans.temp
- Size
  
  372KB
- MD5
  
  b3239f3f850010986b030e1ece1c5cdb
- SHA1
  
  63b6ee8d53608a5a68e69ddb90a5360d93b041ac
- SHA256
  
  46f6366e55e88c16ee9ee12b66bbfdeeb26c1ab680bc8e7f91dff148577e713a
- SHA512
  
  019ba407607aa612f9e0e44fe3e19d5fe9bad6e2b59933bdb527cfa9d49ec1d029f09f542f108f6b84d8c7cf0563313075a9018c5c1a385b7c9b66e6fbf5a337
- SSDEEP
  
  6144:l1eKK1u77wiWjvM9gaYhWawPSxipTR9K1/XreDA+sqKD9oqHs9Dz/RJhKXuz:mKzMD2gaSWcxITi/XrZ+s7pohvRJhr
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6