qakbot | 8151b9fc13ca6fc789d2878fee09b1bd8effc9f052e02c3efabf3c2f42def672

General

Target

GX51.img
Size

842KB
Sample

221121-mlxwyaeh94
MD5

507213006c8c7b3e6c3932917c1c803c
SHA1

084175e46d2d60a82de11c4c4dd6bc89b6452cf0
SHA256

8151b9fc13ca6fc789d2878fee09b1bd8effc9f052e02c3efabf3c2f42def672
SHA512

82023ffd44d9de31ba97863a98c44c20468a7000822eedb9475cdb7c2826666268252448eea4b904df54d6b94d8ae2fd20b5ec97ee0ba4b853aed69717868f1e
SSDEEP

24576:5NJpOK8zWcCTi4QsC3BbYGQajBp6Pi1YWaw4:NQK8Im3BbzQaNpx1Da

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668752705

C2

98.147.155.235:443

49.175.72.56:443

82.31.37.241:443

73.36.196.11:443

2.84.98.228:2222

188.54.79.88:995

184.153.132.82:443

74.66.134.24:443

172.117.139.142:995

12.172.173.82:990

24.64.114.59:3389

12.172.173.82:2087

78.92.133.215:443

24.64.114.59:2222

50.68.204.71:995

105.184.161.242:443

12.172.173.82:22

221.161.103.6:443

98.145.23.67:443

73.161.176.218:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  GX51.img
- Size
  
  842KB
- MD5
  
  507213006c8c7b3e6c3932917c1c803c
- SHA1
  
  084175e46d2d60a82de11c4c4dd6bc89b6452cf0
- SHA256
  
  8151b9fc13ca6fc789d2878fee09b1bd8effc9f052e02c3efabf3c2f42def672
- SHA512
  
  82023ffd44d9de31ba97863a98c44c20468a7000822eedb9475cdb7c2826666268252448eea4b904df54d6b94d8ae2fd20b5ec97ee0ba4b853aed69717868f1e
- SSDEEP
  
  24576:5NJpOK8zWcCTi4QsC3BbYGQajBp6Pi1YWaw4:NQK8Im3BbzQaNpx1Da
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.js
- Size
  
  9KB
- MD5
  
  c8c81c19fa3b9e4a352028e1e77b9886
- SHA1
  
  22fe5b4194f6785ae0c5c3eba5c9557b1c436302
- SHA256
  
  3beba147a3f2b3c6bb928fe1b062941ffb32cacb103695ef018d7c99d3b85c56
- SHA512
  
  bd382a11e80079060f7984059e448db1adb5ce1a8484f4ad853bcab1563e8714edbf7fc768b5b3ebee909af6b47ae06e0b942c984cd26354377786369447b9d3
- SSDEEP
  
  192:ckSLj50Tavgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:c52k785UIhp/KTMhSeYmn2jiu5EjP+rs
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  manacle/superabundance.temp
- Size
  
  372KB
- MD5
  
  3ecc93f9d6b41e0c4e6da80a20991527
- SHA1
  
  8841f8599bcd0011ffbae4be617b8f7a48101296
- SHA256
  
  90f29b440ee2a2163dcaa1e10719a325b9569e8e43f14be017343922f6901d0c
- SHA512
  
  6c5a3e6d3c1888df22227055f5d289c8aa94051812d9a1c34e6ec093954cb9a1ec2360f18c3ba44eaf1bd0c1a3a99e6293d3ae7fd226d45060a1e6b2b4369623
- SSDEEP
  
  6144:l1eKK1u77wiWjvM9gaYhWawPSxipTR9K1/XAeDA+sqKD9oqHs9Dz/RJhKXuz:mKzMD2gaSWcxITi/XAZ+s7pohvRJhr
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6