qakbot | d6e52031d9247741776603fee48efca924bd7b9047f234c368a0ab0e84582aa0

General

Target

ZL49.img
Size

842KB
Sample

221119-gta49acc6y
MD5

62cc17ce3cda871877e6de3a391ff2cc
SHA1

d84ec54b11c7eec0126da004685078d8d0832628
SHA256

d6e52031d9247741776603fee48efca924bd7b9047f234c368a0ab0e84582aa0
SHA512

df14fedc603ad03accfae8d8b2cfb2b5b1f506caa80137b92d0f789d969124f8312f73ae2eba8d75b83b499e6437ebc01fcb9ab567fac4429c985efc3253c261
SSDEEP

24576:VN5K8zWcCTi1QsC3bpWbYGQajBp6Pi1YWaw4:JK8I93bUbzQaNpx1Da

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668752705

C2

98.147.155.235:443

49.175.72.56:443

82.31.37.241:443

73.36.196.11:443

2.84.98.228:2222

188.54.79.88:995

184.153.132.82:443

74.66.134.24:443

172.117.139.142:995

12.172.173.82:990

24.64.114.59:3389

12.172.173.82:2087

78.92.133.215:443

24.64.114.59:2222

50.68.204.71:995

105.184.161.242:443

12.172.173.82:22

221.161.103.6:443

98.145.23.67:443

73.161.176.218:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  ZL49.img
- Size
  
  842KB
- MD5
  
  62cc17ce3cda871877e6de3a391ff2cc
- SHA1
  
  d84ec54b11c7eec0126da004685078d8d0832628
- SHA256
  
  d6e52031d9247741776603fee48efca924bd7b9047f234c368a0ab0e84582aa0
- SHA512
  
  df14fedc603ad03accfae8d8b2cfb2b5b1f506caa80137b92d0f789d969124f8312f73ae2eba8d75b83b499e6437ebc01fcb9ab567fac4429c985efc3253c261
- SSDEEP
  
  24576:VN5K8zWcCTi1QsC3bpWbYGQajBp6Pi1YWaw4:JK8I93bUbzQaNpx1Da
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.js
- Size
  
  9KB
- MD5
  
  03efc266b1d7f6081c752d152267e862
- SHA1
  
  c842866c9d150e8ec9e85c27c45c1dfee3e8577d
- SHA256
  
  0ba184cdfa520fd888599a9c62cf5e7e0a5e0a74d3cd3c7067579a8b0d93acf1
- SHA512
  
  800ff692cc615e0760fcfc48b89ce0f4fce171adba9e010439ec4b104a05c04bb75cd7b15a28e8885a39c1843e3a40b56ce7116c4e8ed48471469a48dd1a6fff
- SSDEEP
  
  192:cKSLj50Tavgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:s52k785UIhp/KTMhSeYmn2jiu5EjP+rs
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  manacle/april.temp
- Size
  
  372KB
- MD5
  
  1096fd31db8e76378bea0602fae2754b
- SHA1
  
  5a2c582c6f22ec387e2d800bd5aa85d676599932
- SHA256
  
  beafeae4fa11d40d69987a45a5c654f67dbc3793f1088746771e61a2256b88e3
- SHA512
  
  52fbde622eb49d2dd8a3ab826ab30bfea256befa719bb4d13d9403022cca5b8015ec153f9c3835f32d73fc61f82399a6a32f657dd138f4d46a8e8bfdf472ef09
- SSDEEP
  
  6144:l1eKK1u77wiWjvM9gaYhWawPSxipTR9K1/XNeDA+sqKD9oqHs9Dz/RJhKXuz:mKzMD2gaSWcxITi/XNZ+s7pohvRJhr
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6