qakbot | 4afaf73946ec0b7068a2836660627a65ff1d38ca6db2447b167b021bc88c4aaa

General

Target

AR01.img
Size

842KB
Sample

221121-l3ldsshf51
MD5

d2ea210debc462d72dc6fbef6e71941b
SHA1

a7df476dd1fd5ef0054f3198715f3fb12e21a097
SHA256

4afaf73946ec0b7068a2836660627a65ff1d38ca6db2447b167b021bc88c4aaa
SHA512

6d9681281cf2fb1530f3f87331df18a22f26a0d1705a3ac26f57bd6b3f6705db07d2194e67e8d67336e576131f2513bb6efd0b47cab3ef6337e7a91296c96454
SSDEEP

24576:CN5K8zWcCTiUQsC3bpWbYGQajBp6Pi1YWaw4:YK8IC3bUbzQaNpx1Da

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668752705

C2

98.147.155.235:443

49.175.72.56:443

82.31.37.241:443

73.36.196.11:443

2.84.98.228:2222

188.54.79.88:995

184.153.132.82:443

74.66.134.24:443

172.117.139.142:995

12.172.173.82:990

24.64.114.59:3389

12.172.173.82:2087

78.92.133.215:443

24.64.114.59:2222

50.68.204.71:995

105.184.161.242:443

12.172.173.82:22

221.161.103.6:443

98.145.23.67:443

73.161.176.218:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AR01.img
- Size
  
  842KB
- MD5
  
  d2ea210debc462d72dc6fbef6e71941b
- SHA1
  
  a7df476dd1fd5ef0054f3198715f3fb12e21a097
- SHA256
  
  4afaf73946ec0b7068a2836660627a65ff1d38ca6db2447b167b021bc88c4aaa
- SHA512
  
  6d9681281cf2fb1530f3f87331df18a22f26a0d1705a3ac26f57bd6b3f6705db07d2194e67e8d67336e576131f2513bb6efd0b47cab3ef6337e7a91296c96454
- SSDEEP
  
  24576:CN5K8zWcCTiUQsC3bpWbYGQajBp6Pi1YWaw4:YK8IC3bUbzQaNpx1Da
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.js
- Size
  
  9KB
- MD5
  
  208143aed0809a0ca4a504c412ee0583
- SHA1
  
  d4881b113ce0d997331ef35224e2310904b063bb
- SHA256
  
  49fff0b4d11f2f27483c72697034eab9ff3f50214a6a97b22d0a91ce199375ec
- SHA512
  
  3264172d6f1d29776e04fba284733ee65acd720bc5c53c8aa5bfd4da637ca54a76aa849430b4b5f9c622bd3463205e43395eef16cd5ba431815398b9f53a01c8
- SSDEEP
  
  192:cLSLj50Tavgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:r52k785UIhp/KTMhSeYmn2jiu5EjP+rs
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  manacle/colds.temp
- Size
  
  372KB
- MD5
  
  ffaeec42f458bec67a00df986ad04bd0
- SHA1
  
  438933f57b2bd52b76b3c7519992656ae8d6eac5
- SHA256
  
  2d1e97f108577ec652d5a5fc1cd43d36f2cd4f8fbbd0ed7a64fe79d7e1b7f82c
- SHA512
  
  80e7c83199e8fd95b09e316e7f69ff36d0fbfa7ddc96bd8324b4e99d43272e1e4828e4d46f8c0f1cb90d7c588a8b7b609d084c52ab034ec2d035898eb159ed05
- SSDEEP
  
  6144:l1eKK1u77wiWjvM9gaYhWawPSxipTR9K1/XseDA+sqKD9oqHs9Dz/RJhKXuz:mKzMD2gaSWcxITi/XsZ+s7pohvRJhr
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6