qakbot | fdf4be7edd488f2339e941acb52c9cef37d53d702649a87be8488a6ae3b6bcf5

General

Target

JN79.img
Size

842KB
Sample

221118-qe7dksdc7t
MD5

94faf871d3736a7b3ea0289d87036e7e
SHA1

49556423a3f42badb43f088d21bb9736ba4e737c
SHA256

fdf4be7edd488f2339e941acb52c9cef37d53d702649a87be8488a6ae3b6bcf5
SHA512

7f3ca9824c6b6abdf8536a18daaa8880b3890bba71a1bca86a9618c86604cd49a25775341f76ef1fe7360b23fce1d4d5055757c7d98f0874ddd8a3303273b8be
SSDEEP

24576:bNNpOK8zWcCTibQsC3BbYGQajBp6Pi1YWaw4:XQK8IL3BbzQaNpx1Da

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668752705

C2

98.147.155.235:443

49.175.72.56:443

82.31.37.241:443

73.36.196.11:443

2.84.98.228:2222

188.54.79.88:995

184.153.132.82:443

74.66.134.24:443

172.117.139.142:995

12.172.173.82:990

24.64.114.59:3389

12.172.173.82:2087

78.92.133.215:443

24.64.114.59:2222

50.68.204.71:995

105.184.161.242:443

12.172.173.82:22

221.161.103.6:443

98.145.23.67:443

73.161.176.218:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  JN79.img
- Size
  
  842KB
- MD5
  
  94faf871d3736a7b3ea0289d87036e7e
- SHA1
  
  49556423a3f42badb43f088d21bb9736ba4e737c
- SHA256
  
  fdf4be7edd488f2339e941acb52c9cef37d53d702649a87be8488a6ae3b6bcf5
- SHA512
  
  7f3ca9824c6b6abdf8536a18daaa8880b3890bba71a1bca86a9618c86604cd49a25775341f76ef1fe7360b23fce1d4d5055757c7d98f0874ddd8a3303273b8be
- SSDEEP
  
  24576:bNNpOK8zWcCTibQsC3BbYGQajBp6Pi1YWaw4:XQK8IL3BbzQaNpx1Da
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.js
- Size
  
  9KB
- MD5
  
  8263a8aab66d3fc99d09a36bf5f0c72a
- SHA1
  
  cb736a283fdd54f701dc0c6f1b9fe97b01572bc3
- SHA256
  
  2b51e274db93726d4e4109b400dd80ab91c35c0779ea2edc1672ba963e41ca97
- SHA512
  
  44d2287359c8646f0a9b8fb083736257f4e8e9bf391598ecd6374e3574ca243660c14b73d5cede5ad63509eb62bf8dd420aa702b1cebcfd70582481a9b730f20
- SSDEEP
  
  192:cnSLj50Tavgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:H52k785UIhp/KTMhSeYmn2jiu5EjP+rs
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  manacle/perpendicularly.temp
- Size
  
  372KB
- MD5
  
  66e0967c9447bd3a34d93b9a5988a360
- SHA1
  
  4cb4e1f07b11e2c562f0523747eec1a575d25a04
- SHA256
  
  73b5c1367699fa8806ebe07ddbcf48660299399d0c9ac8d645de85257208539c
- SHA512
  
  cefe8f375c9b39ed21052398f2a6bac4ab6b572be77bdc00c5c994643bd9bf0a744eea475ad7fa1078acffcf5c4c4c4cd5a24fe98a618e6052eb263c1ac10608
- SSDEEP
  
  6144:l1eKK1u77wiWjvM9gaYhWawPSxipTR9K1/XzeDA+sqKD9oqHs9Dz/RJhKXuz:mKzMD2gaSWcxITi/XzZ+s7pohvRJhr
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6