qakbot | e117f232d9017bafab4854c0b73578f14e3d4311052ef9c69680804b2b733f03

General

Target

TZ67.img
Size

842KB
Sample

221119-r4fslafe76
MD5

33bbe8729cb9ff3ccba095d0ac66060c
SHA1

dacad73e0a1cb1dcf649b30f58d4135005e4f955
SHA256

e117f232d9017bafab4854c0b73578f14e3d4311052ef9c69680804b2b733f03
SHA512

be39269f0b3121245159ea1fec251ea63c4e42ff3dc3c4988581a083e875e985623c3e544d4eedc047d1b86ecaa281f28bd2f442eafd024321927545b4ece2d3
SSDEEP

24576:YNlK8zWcCTi4QsC3bpWbYGQajBp6Pi1YWaw4:kK8IC3bUbzQaNpx1Da

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668752705

C2

98.147.155.235:443

49.175.72.56:443

82.31.37.241:443

73.36.196.11:443

2.84.98.228:2222

188.54.79.88:995

184.153.132.82:443

74.66.134.24:443

172.117.139.142:995

12.172.173.82:990

24.64.114.59:3389

12.172.173.82:2087

78.92.133.215:443

24.64.114.59:2222

50.68.204.71:995

105.184.161.242:443

12.172.173.82:22

221.161.103.6:443

98.145.23.67:443

73.161.176.218:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  TZ67.img
- Size
  
  842KB
- MD5
  
  33bbe8729cb9ff3ccba095d0ac66060c
- SHA1
  
  dacad73e0a1cb1dcf649b30f58d4135005e4f955
- SHA256
  
  e117f232d9017bafab4854c0b73578f14e3d4311052ef9c69680804b2b733f03
- SHA512
  
  be39269f0b3121245159ea1fec251ea63c4e42ff3dc3c4988581a083e875e985623c3e544d4eedc047d1b86ecaa281f28bd2f442eafd024321927545b4ece2d3
- SSDEEP
  
  24576:YNlK8zWcCTi4QsC3bpWbYGQajBp6Pi1YWaw4:kK8IC3bUbzQaNpx1Da
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.js
- Size
  
  9KB
- MD5
  
  02827aac18af8e02d4ce0af76c4c5681
- SHA1
  
  1840bed1bf186133287848aefeedfa06d251db2f
- SHA256
  
  9ece0bde28f5906337ec5cb7724f3f95c9c33b50e75fba74d5a30d7c26853f33
- SHA512
  
  46e57a016103453fa7aec9f423c4cfbcdc351e0ae90818bbd0b519cac83df15e6dc6674127e69dcc7eead140a0a6d72526d7c894e2f24f760806a81d8d887fdd
- SSDEEP
  
  192:cbSLj50Tavgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:p52k785UIhp/KTMhSeYmn2jiu5EjP+rs
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  manacle/assignations.temp
- Size
  
  372KB
- MD5
  
  b8e3ea9a186d19d86e56bb1310e7d197
- SHA1
  
  b32281c34e57b2e6e336820c02238deffbc367e2
- SHA256
  
  34c9f809c591dd8d8c466a4f535461f3eec15f8915f1d915bc395493b7ff5141
- SHA512
  
  4e6a72447264039ec8ae504b942a1218514bd3c2ec02b12629e589ed87278757546090c8e8be8f2ff37bcea10c6b6609b42e78141cd1ebb553cd41f7949ea39e
- SSDEEP
  
  6144:l1eKK1u77wiWjvM9gaYhWawPSxipTR9K1/XAeDA+sqKD9oqHs9Dz/RJhKXuz:mKzMD2gaSWcxITi/XAZ+s7pohvRJhr
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6