qakbot | 2d3e89c5cc0b38ded52cebfaca28ba1fbf759a0ac578968487076af2a7449390

General

Target

IY37.img
Size

842KB
Sample

221121-npkapagf57
MD5

17c30d260aeba5b69eec6ac5510db9ed
SHA1

5f4dadaf72c35d28a45b154359cc359516757cba
SHA256

2d3e89c5cc0b38ded52cebfaca28ba1fbf759a0ac578968487076af2a7449390
SHA512

e9ae031a44f260e3aec456ecc9def770f6b7efbc10e353e4fc27dca32c46b60aaee12f9fc356a1b4d50cb2be12d260d9c85486b7948fd9f47e6c120bb1428f23
SSDEEP

24576:fN9pOK8zWcCTi7QsC3BbYGQajBp6Pi1YWaw4:DQK8Ir3BbzQaNpx1Da

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668752705

C2

98.147.155.235:443

49.175.72.56:443

82.31.37.241:443

73.36.196.11:443

2.84.98.228:2222

188.54.79.88:995

184.153.132.82:443

74.66.134.24:443

172.117.139.142:995

12.172.173.82:990

24.64.114.59:3389

12.172.173.82:2087

78.92.133.215:443

24.64.114.59:2222

50.68.204.71:995

105.184.161.242:443

12.172.173.82:22

221.161.103.6:443

98.145.23.67:443

73.161.176.218:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  IY37.img
- Size
  
  842KB
- MD5
  
  17c30d260aeba5b69eec6ac5510db9ed
- SHA1
  
  5f4dadaf72c35d28a45b154359cc359516757cba
- SHA256
  
  2d3e89c5cc0b38ded52cebfaca28ba1fbf759a0ac578968487076af2a7449390
- SHA512
  
  e9ae031a44f260e3aec456ecc9def770f6b7efbc10e353e4fc27dca32c46b60aaee12f9fc356a1b4d50cb2be12d260d9c85486b7948fd9f47e6c120bb1428f23
- SSDEEP
  
  24576:fN9pOK8zWcCTi7QsC3BbYGQajBp6Pi1YWaw4:DQK8Ir3BbzQaNpx1Da
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.js
- Size
  
  9KB
- MD5
  
  44613c0f2ef4cd62edf307a817027260
- SHA1
  
  cca1118229b8d624b07fea94f3d6e8e60feed946
- SHA256
  
  496a06583efc4a1a81fdd70275188e80bd5d91035283021a724e3d1985d672d2
- SHA512
  
  42cdf90f622cdf9b50641df6cec441349a4b3ab5d785a5a953f67fc06afcbb5f33e659431cad64be685112d009cfb114ce1650c2fa613a449fec63617eb27dd7
- SSDEEP
  
  192:cbSLj50Tavgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:L52k785UIhp/KTMhSeYmn2jiu5EjP+rs
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  manacle/tokenized.temp
- Size
  
  372KB
- MD5
  
  3f3e66f0987073e4c4e5c147df6ab545
- SHA1
  
  c3d2ac1067ff2fcd8aab8214a027d4f763be79ba
- SHA256
  
  9fe85d5fc6988255084dce9ec881170d4f934364d9000669d9b6f7aa403686ad
- SHA512
  
  537872abebbb1564242aae278324448b7690f09cbeef331c99780bd11673ce258f23b47ad4df7e7a39c6b01be4aed413fdf4ff952ec97996d651fa00234d2279
- SSDEEP
  
  6144:l1eKK1u77wiWjvM9gaYhWawPSxipTR9K1/XzeDA+sqKD9oqHs9Dz/RJhKXuz:mKzMD2gaSWcxITi/XzZ+s7pohvRJhr
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6