qakbot | cf1b2bdaac9e409755a5c18612b93cdf4b9965ec639adef3bce83da88eb02d2a

General

Target

NU64.img
Size

842KB
Sample

221121-cev4nafc6x
MD5

67ac0e3d4e7bb08b9cf8abb0b92d316b
SHA1

796771e8133815958619a3603c8d14a7ad98c095
SHA256

cf1b2bdaac9e409755a5c18612b93cdf4b9965ec639adef3bce83da88eb02d2a
SHA512

8c81eace790d7e5dae2d32a3a3297591a7e923a0dca9b6d9fed6114465bfc71c4773e4ea121ced48969b07550f8a5e96f688fac830ef06beb1081db33c7f1c93
SSDEEP

24576:ONdpOK8zWcCTiFQsC3BbYGQajBp6Pi1YWaw4:eQK8Ih3BbzQaNpx1Da

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668752705

C2

98.147.155.235:443

49.175.72.56:443

82.31.37.241:443

73.36.196.11:443

2.84.98.228:2222

188.54.79.88:995

184.153.132.82:443

74.66.134.24:443

172.117.139.142:995

12.172.173.82:990

24.64.114.59:3389

12.172.173.82:2087

78.92.133.215:443

24.64.114.59:2222

50.68.204.71:995

105.184.161.242:443

12.172.173.82:22

221.161.103.6:443

98.145.23.67:443

73.161.176.218:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  NU64.img
- Size
  
  842KB
- MD5
  
  67ac0e3d4e7bb08b9cf8abb0b92d316b
- SHA1
  
  796771e8133815958619a3603c8d14a7ad98c095
- SHA256
  
  cf1b2bdaac9e409755a5c18612b93cdf4b9965ec639adef3bce83da88eb02d2a
- SHA512
  
  8c81eace790d7e5dae2d32a3a3297591a7e923a0dca9b6d9fed6114465bfc71c4773e4ea121ced48969b07550f8a5e96f688fac830ef06beb1081db33c7f1c93
- SSDEEP
  
  24576:ONdpOK8zWcCTiFQsC3BbYGQajBp6Pi1YWaw4:eQK8Ih3BbzQaNpx1Da
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.js
- Size
  
  9KB
- MD5
  
  2d726238fc314e43d0964228a049fc3b
- SHA1
  
  2f5a44bd9c0c61bf02357f0cbce91b3e5f3302d1
- SHA256
  
  388808ed178aa2734b792b51cc8033efc002522a7dce4d2062dcb52b6476481f
- SHA512
  
  c427d291009c6d0c21b5c14c33ae96bc30d931a7b4d3b5b1c239f58dc1694ecbe2165b94404f8bb769c2f49fb42ff494a24959dfdd03ffdf36dff3c241fae958
- SSDEEP
  
  192:cFYSLj50Tavgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:852k785UIhp/KTMhSeYmn2jiu5EjP+rs
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  manacle/unconsciously.temp
- Size
  
  372KB
- MD5
  
  6f67cd86dc6ec9b82e1d97cd66ec922d
- SHA1
  
  72b509f0bb5751ad7000b1bb68aaf825b994734b
- SHA256
  
  1209100cb87e484d76c67877e6e0a0505023b5c6b7c4f6abef3190348841465e
- SHA512
  
  a3ed498749f99221fcc19175e5b94ec6c264a73178d2236dee43f8dd62f4900757f0396abc74781cb9c34c6eb7e10a7d2bd553c08d544b3955fb8c9de26274a3
- SSDEEP
  
  6144:l1eKK1u77wiWjvM9gaYhWawPSxipTR9K1/XteDA+sqKD9oqHs9Dz/RJhKXuz:mKzMD2gaSWcxITi/XtZ+s7pohvRJhr
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6