qakbot | 9e1abf9980ebc84d56b0c780b9fce0c401cfacc66e014f3be1d25564d4763477

General

Target

QL63.img
Size

842KB
Sample

221118-qznrzahd96
MD5

91e742988dfaf22dd473b2595a0fb1f2
SHA1

537c12d3dd983bddc03aa80e09d7384c575485fe
SHA256

9e1abf9980ebc84d56b0c780b9fce0c401cfacc66e014f3be1d25564d4763477
SHA512

58b63510eb651f7d82b78fd4f3e1eb87784859d73bdddf0ec74f8f6094e74832508306ed3657b93a4335358ca4ef8c1e2e610f6ed48f794051d5dfa9f170d763
SSDEEP

24576:INdpOK8zWcCTisQsC3BbYGQajBp6Pi1YWaw4:EQK8Ie3BbzQaNpx1Da

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668752705

C2

98.147.155.235:443

49.175.72.56:443

82.31.37.241:443

73.36.196.11:443

2.84.98.228:2222

188.54.79.88:995

184.153.132.82:443

74.66.134.24:443

172.117.139.142:995

12.172.173.82:990

24.64.114.59:3389

12.172.173.82:2087

78.92.133.215:443

24.64.114.59:2222

50.68.204.71:995

105.184.161.242:443

12.172.173.82:22

221.161.103.6:443

98.145.23.67:443

73.161.176.218:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  QL63.img
- Size
  
  842KB
- MD5
  
  91e742988dfaf22dd473b2595a0fb1f2
- SHA1
  
  537c12d3dd983bddc03aa80e09d7384c575485fe
- SHA256
  
  9e1abf9980ebc84d56b0c780b9fce0c401cfacc66e014f3be1d25564d4763477
- SHA512
  
  58b63510eb651f7d82b78fd4f3e1eb87784859d73bdddf0ec74f8f6094e74832508306ed3657b93a4335358ca4ef8c1e2e610f6ed48f794051d5dfa9f170d763
- SSDEEP
  
  24576:INdpOK8zWcCTisQsC3BbYGQajBp6Pi1YWaw4:EQK8Ie3BbzQaNpx1Da
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.js
- Size
  
  9KB
- MD5
  
  dcbdc839a5daa5983faad41f1940b3bd
- SHA1
  
  a43dd88fdf7650c7953899d3fe24bd737ce12659
- SHA256
  
  464794501188c3ac9b5c39efd9bb6d40dc71c03be8a710e07a1302256caea862
- SHA512
  
  8438047899987b773ef1a6f39bcf4e00dc1ec79b62eae6e5a87bc46b567f469a8dd7dd29d0f3335cb1989cad2d8bb66d5c838e0a61d82c6b6b12c3eee443b134
- SSDEEP
  
  192:cCuSLj50Tavgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:h52k785UIhp/KTMhSeYmn2jiu5EjP+rs
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  manacle/tries.temp
- Size
  
  372KB
- MD5
  
  2a5478a1ef939186ec0d7ed9ed094aee
- SHA1
  
  d803959b8d4e25ad603b89ddd6c07a8373b711fa
- SHA256
  
  08a4fc568d110346918e516ee3d3d3f7ca3b9b362735ffeed562996842f6cfc4
- SHA512
  
  791ffd995f3e67a7a18765f334ead06530409b1c188431bf748e18221dcb28a17f0395cc663d1ac05588e195441a82e5e7a01470fbf02f1f414a27e0635fbd16
- SSDEEP
  
  6144:l1eKK1u77wiWjvM9gaYhWawPSxipTR9K1/XkeDA+sqKD9oqHs9Dz/RJhKXuz:mKzMD2gaSWcxITi/XkZ+s7pohvRJhr
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6