qakbot | 87a6c8d93a46da3487e69372704f9014a55ab43820d202b3bf58f28df1fa2bac

General

Target

RJ01.img
Size

842KB
Sample

221118-r3da3shf34
MD5

0d156ab0973c1461a467b305264bc7e4
SHA1

b953b509d35f5c909774ec88db5920e68364792a
SHA256

87a6c8d93a46da3487e69372704f9014a55ab43820d202b3bf58f28df1fa2bac
SHA512

d76ae5bbce41e2a2febd8de5d394b4c9a2b8275f261722b6daa7ed54d024c844db8a650adb7a7e234698f66cf580f8c6ae7c97d26a36e81994a197c147b6f967
SSDEEP

24576:PNJK8zWcCTiRQsC3bpWbYGQajBp6Pi1YWaw4:vK8Ix3bUbzQaNpx1Da

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668752705

C2

98.147.155.235:443

49.175.72.56:443

82.31.37.241:443

73.36.196.11:443

2.84.98.228:2222

188.54.79.88:995

184.153.132.82:443

74.66.134.24:443

172.117.139.142:995

12.172.173.82:990

24.64.114.59:3389

12.172.173.82:2087

78.92.133.215:443

24.64.114.59:2222

50.68.204.71:995

105.184.161.242:443

12.172.173.82:22

221.161.103.6:443

98.145.23.67:443

73.161.176.218:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  RJ01.img
- Size
  
  842KB
- MD5
  
  0d156ab0973c1461a467b305264bc7e4
- SHA1
  
  b953b509d35f5c909774ec88db5920e68364792a
- SHA256
  
  87a6c8d93a46da3487e69372704f9014a55ab43820d202b3bf58f28df1fa2bac
- SHA512
  
  d76ae5bbce41e2a2febd8de5d394b4c9a2b8275f261722b6daa7ed54d024c844db8a650adb7a7e234698f66cf580f8c6ae7c97d26a36e81994a197c147b6f967
- SSDEEP
  
  24576:PNJK8zWcCTiRQsC3bpWbYGQajBp6Pi1YWaw4:vK8Ix3bUbzQaNpx1Da
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.js
- Size
  
  9KB
- MD5
  
  4c73ffb8f80be970bfb1dc463eb79df3
- SHA1
  
  e79d6818215b7f3caf67b8dbe1c8f30f620f98fa
- SHA256
  
  59c6ad9298081936d5f4c4412ee7ba0b369213379cef9352784781b7d569fe6c
- SHA512
  
  35c61995c8343a905fe5d3723a18f528d6775dbf1d019fb3945ac4c84bd39c94fcabdf93f8d103cba175e792d8ba3dec626de59537a1d532ec821b53e4d9c5f4
- SSDEEP
  
  192:ci3SLj50Tavgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:w52k785UIhp/KTMhSeYmn2jiu5EjP+rs
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  manacle/hapless.temp
- Size
  
  372KB
- MD5
  
  4dfae9deaa522f5d7b0520bd7c77e0c3
- SHA1
  
  e14b015af36e9d8083365b487d51d770eb5ce521
- SHA256
  
  a9920318c422dbe6c0d593976a9058f351168dd0179ce6af39b278e7879b7d83
- SHA512
  
  c4f12a64b0b215ce4baa12720fbec3a8a7f543d0c59436b80738cac737fc4ff41627a5d945f76274506ab20a3348d35629e4193e402177d9d798367d6210eb59
- SSDEEP
  
  6144:l1eKK1u77wiWjvM9gaYhWawPSxipTR9K1/XJeDA+sqKD9oqHs9Dz/RJhKXuz:mKzMD2gaSWcxITi/XJZ+s7pohvRJhr
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6