qakbot | 020df5a6987d5e00f8ea040af87a9a1ceff762453e90d595249b25bd1f63a322

General

Target

FNU10.iso
Size

604KB
Sample

221121-qqwffsbf59
MD5

4e5b1796c58d2710f4c9f1da66be02d8
SHA1

5fcc7688903603edb1fb9db220a5b59e14d25120
SHA256

020df5a6987d5e00f8ea040af87a9a1ceff762453e90d595249b25bd1f63a322
SHA512

b1aae03fb38c20d9263ac6f9cc472407c0fb975ba3ba4f9db24d96a87fd567e1fe51a425dc440cccf450eeda89ad866b5e5174fb7af63b5a1e424dbb0dfd90e6
SSDEEP

12288:HhNDXHUSlkcAPJr4WhTHiwz4agFwid7e:BNDXUSlknRhTKXF34

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB07

Campaign

1669024152

C2

69.119.123.159:2222

197.148.17.17:2078

174.104.184.149:443

12.172.173.82:995

91.68.227.219:443

85.241.180.94:443

83.7.53.150:443

213.22.188.57:2222

71.46.234.170:443

190.75.150.58:2222

86.98.15.100:995

89.115.196.99:443

83.31.254.67:2222

46.162.109.183:443

2.84.98.228:2222

78.69.251.252:2222

12.172.173.82:465

75.143.236.149:443

47.229.96.60:443

80.121.8.212:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  JG.js
- Size
  
  10KB
- MD5
  
  2425874bc9daf50c82b08aff91afc4cb
- SHA1
  
  ceda6e8367cacb2b530fe5f21360926459faa503
- SHA256
  
  b74c0f682ac9aaec52b2f7f62b7e7b24bbea560eb00e33a7713db830ab3d16ef
- SHA512
  
  a7e59fe46ae3ca2835adbad0109bbe56f1644025113f561455175ca331eac648c14572a17e6326fca6195a927b8e833dcef030e28fad8a1c0aa1ab82e1f00afe
- SSDEEP
  
  192:7G0SLj5Uravgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:7Gj5Kk785UIhp/KTMhSeYmn2jiu5EjPH
Score

10^/10

qakbot bb07 1669024152 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  almond/proofs.temp
- Size
  
  490KB
- MD5
  
  ddbfe37ee542e01ff7e4fec440c60487
- SHA1
  
  22a5c14db857c9bce828cdd0a8dfce9215290435
- SHA256
  
  9708ef9cf4a92222375959b73000f4a92a84918ffe102c1843d2c378453a9533
- SHA512
  
  ad8c95867013077bf8d02dd7d73f25e060e2eb7a9886ac577ce3d93273b0445e336032ddb382a2908e5516e928337a061f1806bdc6fa849ab9a29c4e831cc971
- SSDEEP
  
  6144:GIZQLN2lkgFJUdgAPJgwEpPWD44TITMUFOvctTWzpbTNEh6BgFJ+twd737Kn:GSlkcAPJr4WhTHiwz4agFwid7e
Score

10^/10

qakbot bb07 1669024152 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4