qakbot | 10c389561c1ba93694020485c9ba784a9fdba5382a0106cbeadc11ce110641e0

General

Target

YJ67.img
Size

842KB
Sample

221118-rh17eadd7v
MD5

580497b1f86577786404d70e280841ba
SHA1

f0314eec44a22942c9249c5835cecb73ebcb0668
SHA256

10c389561c1ba93694020485c9ba784a9fdba5382a0106cbeadc11ce110641e0
SHA512

fd2ee9ac809d178c4e593617fad7c24907151330def89b476e29e3adbf3955488c48a0244d8d5d781329fbf5755110ba2c990d3bc0e358d17b545ec34db0ff2a
SSDEEP

24576:iNVK8zWcCTiQQsC3bpWbYGQajBp6Pi1YWaw4:eK8Iy3bUbzQaNpx1Da

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668752705

C2

98.147.155.235:443

49.175.72.56:443

82.31.37.241:443

73.36.196.11:443

2.84.98.228:2222

188.54.79.88:995

184.153.132.82:443

74.66.134.24:443

172.117.139.142:995

12.172.173.82:990

24.64.114.59:3389

12.172.173.82:2087

78.92.133.215:443

24.64.114.59:2222

50.68.204.71:995

105.184.161.242:443

12.172.173.82:22

221.161.103.6:443

98.145.23.67:443

73.161.176.218:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  YJ67.img
- Size
  
  842KB
- MD5
  
  580497b1f86577786404d70e280841ba
- SHA1
  
  f0314eec44a22942c9249c5835cecb73ebcb0668
- SHA256
  
  10c389561c1ba93694020485c9ba784a9fdba5382a0106cbeadc11ce110641e0
- SHA512
  
  fd2ee9ac809d178c4e593617fad7c24907151330def89b476e29e3adbf3955488c48a0244d8d5d781329fbf5755110ba2c990d3bc0e358d17b545ec34db0ff2a
- SSDEEP
  
  24576:iNVK8zWcCTiQQsC3bpWbYGQajBp6Pi1YWaw4:eK8Iy3bUbzQaNpx1Da
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.js
- Size
  
  9KB
- MD5
  
  fbce12cde3a50b27f66e87104f97b01a
- SHA1
  
  41012ca962e8136312cf9440cd3a9aa90fd13e0a
- SHA256
  
  858541307795604872cef3e181b2d08928be383be2c72ea6e3f80319cded5c2c
- SHA512
  
  0748f690ca64ade9051c149d396115c97f364030e1e89c7c1d06eca9111ebc98d17013ce86e3ce9f770902e492a4b1c81ef556f35bd8856bd34df75492ac82c6
- SSDEEP
  
  192:cQSLj50Tavgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:U52k785UIhp/KTMhSeYmn2jiu5EjP+rs
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  manacle/fonder.temp
- Size
  
  372KB
- MD5
  
  ac6a682f04146390e7888f56a7e46cc6
- SHA1
  
  6a08b1c70e04901a13f3d0bc8134aba0489de851
- SHA256
  
  4a2af9051abd02dc0d7cc49180c226d801de5c38a0a27220332febc7d89da234
- SHA512
  
  0964bef24227cd377132401dfd27fbeea163d9e2945e75841f9c413d937894107b2e73534b819763da634bc683a0fb29897638b5c98f50c4a901a9c16c7b0ca3
- SSDEEP
  
  6144:l1eKK1u77wiWjvM9gaYhWawPSxipTR9K1/XYeDA+sqKD9oqHs9Dz/RJhKXuz:mKzMD2gaSWcxITi/XYZ+s7pohvRJhr
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6