qakbot | 02649bac9739be34e1f1174d39764eeb37b4a396389e3281d2783a1a1e5b2b41

General

Target

ZG14.img
Size

842KB
Sample

221121-m584babd8z
MD5

498926c0bdaf6491eac55a33ae912197
SHA1

0e73509648f64066ab9373c96a7efb7ade6fba0c
SHA256

02649bac9739be34e1f1174d39764eeb37b4a396389e3281d2783a1a1e5b2b41
SHA512

be72be5ec4f9bd880b012ffbdfbc8de8e465d1c23db07ffb5418a748b805bd6a0294b6a76aebfb2826e58b82a8f890da688e59d6f85e4805e4a7856d503241c9
SSDEEP

24576:GN5pOK8zWcCTijQsC3BbYGQajBp6Pi1YWaw4:sQK8I/3BbzQaNpx1Da

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668752705

C2

98.147.155.235:443

49.175.72.56:443

82.31.37.241:443

73.36.196.11:443

2.84.98.228:2222

188.54.79.88:995

184.153.132.82:443

74.66.134.24:443

172.117.139.142:995

12.172.173.82:990

24.64.114.59:3389

12.172.173.82:2087

78.92.133.215:443

24.64.114.59:2222

50.68.204.71:995

105.184.161.242:443

12.172.173.82:22

221.161.103.6:443

98.145.23.67:443

73.161.176.218:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  ZG14.img
- Size
  
  842KB
- MD5
  
  498926c0bdaf6491eac55a33ae912197
- SHA1
  
  0e73509648f64066ab9373c96a7efb7ade6fba0c
- SHA256
  
  02649bac9739be34e1f1174d39764eeb37b4a396389e3281d2783a1a1e5b2b41
- SHA512
  
  be72be5ec4f9bd880b012ffbdfbc8de8e465d1c23db07ffb5418a748b805bd6a0294b6a76aebfb2826e58b82a8f890da688e59d6f85e4805e4a7856d503241c9
- SSDEEP
  
  24576:GN5pOK8zWcCTijQsC3BbYGQajBp6Pi1YWaw4:sQK8I/3BbzQaNpx1Da
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.js
- Size
  
  9KB
- MD5
  
  d6a0a12caa2804fbaa1b3da762f54fa6
- SHA1
  
  9d5564860e326358ae66796084f9002de32a95cd
- SHA256
  
  aebea94d3ef23aea0c8a7276a9e9deb10c53d6fc88d4de7d12eeac04e10b1871
- SHA512
  
  e1480953baba5c2cddef43092567e44a6c96921b97f1aff1709d3aed4ef49cbbbf13e21d8da39fe9280b67efcb682327431dd9c8476fcf25986a0d458e4200a7
- SSDEEP
  
  192:cYSLj50Tavgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:E52k785UIhp/KTMhSeYmn2jiu5EjP+rs
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  manacle/rich.temp
- Size
  
  372KB
- MD5
  
  12a768f0710633c62c4b05bb6fe32e18
- SHA1
  
  92fc166a677cb4d988ee97d9fbc911490d68dd16
- SHA256
  
  60f976f042a97522d09e731b7fe829c6217213273975d92006fa5e9e0e0db78e
- SHA512
  
  67c58ce57780f10c99991973d124f99f43799896959acbc1104358a7e208392aaa7cc4eed7b51e31536f1bbb53f9ca736a84e8dc77dec39e14ecfe79df028b4c
- SSDEEP
  
  6144:l1eKK1u77wiWjvM9gaYhWawPSxipTR9K1/XLeDA+sqKD9oqHs9Dz/RJhKXuz:mKzMD2gaSWcxITi/XLZ+s7pohvRJhr
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6