qakbot | 72a8ff9e0c9d02648c509ae7e2c176c89711ba0fe6f4df76850e8d22d278f82c

General

Target

IAF86.iso
Size

604KB
Sample

221121-q97ylaga7x
MD5

0fcddccc9be6edf41912ef2658537e80
SHA1

09725e5a0a94bfd9cc4bc0b8b84f3488f4914bda
SHA256

72a8ff9e0c9d02648c509ae7e2c176c89711ba0fe6f4df76850e8d22d278f82c
SHA512

02d607779b9e341f380e5b67d86906e22e768a447f17994b83c4efffa76be2e810250083d9c38957324dd0bf27fe14e0e72381362b0efca8398cc5c26d540931
SSDEEP

12288:YRNPXHUSlkcAPJr4WhTNiwz4agFwid7e:iNPXUSlknRhTQXF34

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB07

Campaign

1669024152

C2

69.119.123.159:2222

197.148.17.17:2078

174.104.184.149:443

12.172.173.82:995

91.68.227.219:443

85.241.180.94:443

83.7.53.150:443

213.22.188.57:2222

71.46.234.170:443

190.75.150.58:2222

86.98.15.100:995

89.115.196.99:443

83.31.254.67:2222

46.162.109.183:443

2.84.98.228:2222

78.69.251.252:2222

12.172.173.82:465

75.143.236.149:443

47.229.96.60:443

80.121.8.212:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  JG.js
- Size
  
  10KB
- MD5
  
  7bf64e73152d18451426a664a0e2aa2e
- SHA1
  
  7e2f1ee5199e8d6496a965df0a36bdc258ce9feb
- SHA256
  
  5ffd249ae7fec65153804352577b6fbea130095f4f7c8d008c3af9c5b2c16d01
- SHA512
  
  0afdd3763c9df10060beacca561d0067c2cbbf0253240f4000de75889f115c0ab201394a87429b35eb254d205aaf2434a444529cc33232f9a5757443e7395bbf
- SSDEEP
  
  192:7GESLj5Uravgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:7GT5Kk785UIhp/KTMhSeYmn2jiu5EjPH
Score

10^/10

qakbot bb07 1669024152 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  almond/rampart.temp
- Size
  
  490KB
- MD5
  
  4472eb5e334578d485ecda238750043a
- SHA1
  
  a1a15722fbd9efaf615fd45d3f4d451e1bdbf074
- SHA256
  
  9726d6d030678adb81295998a2b9c5eccd2523e2a155b57cf9315cf69ab0e19a
- SHA512
  
  0fda71f1358acbdb98d161302736b3af36048c1122598a804382c780f4231b2d548f29e2f7d40d7110b2171ff71d7abfb32962e69fdc0f44a917c9eb82d617f0
- SSDEEP
  
  6144:GIZQLN2lkgFJUdgAPJgwEpPWD44TIlMUFOvctTWzpbTNEh6BgFJ+twd737Kn:GSlkcAPJr4WhTNiwz4agFwid7e
Score

10^/10

qakbot bb07 1669024152 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4