qakbot | 0f109b2e4b5f625e69c99461d706bc7e853441549cbad846a444474f1b3b60c2

General

Target

NK64.img
Size

842KB
Sample

221119-smw9page27
MD5

3dae2bd479fbd88a58b7a84b79d0326b
SHA1

9b34c0a562bdb52cadc9d929d56dfb938f74b76e
SHA256

0f109b2e4b5f625e69c99461d706bc7e853441549cbad846a444474f1b3b60c2
SHA512

5392bd3da1272f477a8e5214fae9bba9c03ed7699179fa74622b65211664265cf19060aacbfbb7a175c213a0dd52a9bf7457b451c7cb838f14ff63cc1fc1952f
SSDEEP

24576:fNJK8zWcCTiaQsC3bpWbYGQajBp6Pi1YWaw4:fK8I43bUbzQaNpx1Da

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668752705

C2

98.147.155.235:443

49.175.72.56:443

82.31.37.241:443

73.36.196.11:443

2.84.98.228:2222

188.54.79.88:995

184.153.132.82:443

74.66.134.24:443

172.117.139.142:995

12.172.173.82:990

24.64.114.59:3389

12.172.173.82:2087

78.92.133.215:443

24.64.114.59:2222

50.68.204.71:995

105.184.161.242:443

12.172.173.82:22

221.161.103.6:443

98.145.23.67:443

73.161.176.218:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  NK64.img
- Size
  
  842KB
- MD5
  
  3dae2bd479fbd88a58b7a84b79d0326b
- SHA1
  
  9b34c0a562bdb52cadc9d929d56dfb938f74b76e
- SHA256
  
  0f109b2e4b5f625e69c99461d706bc7e853441549cbad846a444474f1b3b60c2
- SHA512
  
  5392bd3da1272f477a8e5214fae9bba9c03ed7699179fa74622b65211664265cf19060aacbfbb7a175c213a0dd52a9bf7457b451c7cb838f14ff63cc1fc1952f
- SSDEEP
  
  24576:fNJK8zWcCTiaQsC3bpWbYGQajBp6Pi1YWaw4:fK8I43bUbzQaNpx1Da
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.js
- Size
  
  9KB
- MD5
  
  9a85262c490729404428f57998fbd240
- SHA1
  
  d4f61a9e953c1b0b9726064417a3e43d5440e2a8
- SHA256
  
  11ee65da439ba0ae925a613fb558624d850a10c0163f5508296317263f45bf0b
- SHA512
  
  27031658f61504b8c8ec5cdf5d41087c60446ff5b594134db804e89299a2a8aecac0fea9ad9223a6ecd4380abca12b8a355792463ee0e746b38b8da90b2cff23
- SSDEEP
  
  192:cSSLj50Tavgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:k52k785UIhp/KTMhSeYmn2jiu5EjP+rs
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  manacle/expires.temp
- Size
  
  372KB
- MD5
  
  e0d87ba8e74ded08549f3007cc691d2b
- SHA1
  
  cab5225fc018bed66ecf2cbdcab07c6774588962
- SHA256
  
  27b8953e257d3682dc353bc727a3ca1af6a1a8d629a088b61cacb3ced5a575f6
- SHA512
  
  3b64d041adb6b1729499388c2e4b3cccd007dd83a3395a942b7648cadcf6ea42c3360577156661d722a43d20cf2702fce675f64acbbef881ae2465013416cb26
- SSDEEP
  
  6144:l1eKK1u77wiWjvM9gaYhWawPSxipTR9K1/XCeDA+sqKD9oqHs9Dz/RJhKXuz:mKzMD2gaSWcxITi/XCZ+s7pohvRJhr
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6