qakbot | bc958b315bc19d060072a6562b7f37de5b58fe016ea90d97afc8508a975a3038

General

Target

ZB59.img
Size

842KB
Sample

221118-slryksde71
MD5

3fbeb76592de2fcc1f768d95d35b9cdc
SHA1

174c29f3f99da3f18435302b3f023125f330087c
SHA256

bc958b315bc19d060072a6562b7f37de5b58fe016ea90d97afc8508a975a3038
SHA512

ac2e8a0ab8a5a472a160b6049ac1b7150c289cbe7731a1277f44b5520cfcd823311a46de617f12619a79456a65d9a2b71961d1f293bfcd9db67421d40519ffc3
SSDEEP

24576:zN5K8zWcCTiuQsC3bpWbYGQajBp6Pi1YWaw4:bK8I83bUbzQaNpx1Da

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668752705

C2

98.147.155.235:443

49.175.72.56:443

82.31.37.241:443

73.36.196.11:443

2.84.98.228:2222

188.54.79.88:995

184.153.132.82:443

74.66.134.24:443

172.117.139.142:995

12.172.173.82:990

24.64.114.59:3389

12.172.173.82:2087

78.92.133.215:443

24.64.114.59:2222

50.68.204.71:995

105.184.161.242:443

12.172.173.82:22

221.161.103.6:443

98.145.23.67:443

73.161.176.218:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  ZB59.img
- Size
  
  842KB
- MD5
  
  3fbeb76592de2fcc1f768d95d35b9cdc
- SHA1
  
  174c29f3f99da3f18435302b3f023125f330087c
- SHA256
  
  bc958b315bc19d060072a6562b7f37de5b58fe016ea90d97afc8508a975a3038
- SHA512
  
  ac2e8a0ab8a5a472a160b6049ac1b7150c289cbe7731a1277f44b5520cfcd823311a46de617f12619a79456a65d9a2b71961d1f293bfcd9db67421d40519ffc3
- SSDEEP
  
  24576:zN5K8zWcCTiuQsC3bpWbYGQajBp6Pi1YWaw4:bK8I83bUbzQaNpx1Da
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.js
- Size
  
  9KB
- MD5
  
  6172d2db3ec01346b80c5b53f8a8c66a
- SHA1
  
  72e89b66bdeb2f6f8c30d738f97441f1eed3173e
- SHA256
  
  b4c5e061d77b4853423dd0d952b223cc3cb577ceb5d68aaeb5e27f18b21e0eda
- SHA512
  
  3e92effd0d89b354d8ecfc64af609a316264c63bf18cfc276ebc1613d2c08522f4fad0ff95a060520054c6b888480f6fc6ebfc0431d13735d09389fcafa51f83
- SSDEEP
  
  192:c0SLj50Tavgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:C52k785UIhp/KTMhSeYmn2jiu5EjP+rs
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  manacle/flown.temp
- Size
  
  372KB
- MD5
  
  f6a5adb277475b087f5b41ff6a4538fd
- SHA1
  
  ab70e01ffeb7058c36fd22c7c686cd4131013aa4
- SHA256
  
  4fcbbcfb8d0957940f702586b08b49112c772db8115a8c9ed16ce85391a3f5cb
- SHA512
  
  295fee9ff731c35c26c37440a5f886372941fb49ce8635541d73331ab0cb524acd8e3398eb885e7d21105c6b6a1d023225fe4943333989fb6829fd2d48274fb1
- SSDEEP
  
  6144:l1eKK1u77wiWjvM9gaYhWawPSxipTR9K1/X2eDA+sqKD9oqHs9Dz/RJhKXuz:mKzMD2gaSWcxITi/X2Z+s7pohvRJhr
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6