qakbot | 96cef1d6ff6c3d75eb633549f2dbc8f2d74e30b52a39bf693ff918992f179604

General

Target

QNC51.iso
Size

604KB
Sample

221121-rtht7shb3z
MD5

fe9cae7c2f5b52033045b0c23842f94a
SHA1

6109304edefc0f4c6905cb8530c2d11b68044a84
SHA256

96cef1d6ff6c3d75eb633549f2dbc8f2d74e30b52a39bf693ff918992f179604
SHA512

5e5bd3b253d4302e3e1a5c94dc41af027b9c7255ad1de62389cacb4e204a2f18735b7e3f63ecc58ae6ea6119913e6561f18f85bacbed267f6e4205a588a55b4d
SSDEEP

12288:KuNPXHUSlkcAPJr4WhTtJiwz4agFwid7e:XNPXUSlknRhTuXF34

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB07

Campaign

1669024152

C2

69.119.123.159:2222

197.148.17.17:2078

174.104.184.149:443

12.172.173.82:995

91.68.227.219:443

85.241.180.94:443

83.7.53.150:443

213.22.188.57:2222

71.46.234.170:443

190.75.150.58:2222

86.98.15.100:995

89.115.196.99:443

83.31.254.67:2222

46.162.109.183:443

2.84.98.228:2222

78.69.251.252:2222

12.172.173.82:465

75.143.236.149:443

47.229.96.60:443

80.121.8.212:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  JG.js
- Size
  
  10KB
- MD5
  
  48dbfaee9bb77756821342c7e575e1a5
- SHA1
  
  bcf9144b2f426c44b799863e42ebb166e4938363
- SHA256
  
  8af3571fefbae3f63d4cd1be8f5ef443b92f8584941c1655e31e2fd8e9fa2975
- SHA512
  
  fcadafde1e70d3d62714790bd8641efc106c6742dce80479482a8b1732dd79b49c02e85e4a80a6edb89bf1dade3fe60e04659bf9e069cf08fdfca19d0aa50f51
- SSDEEP
  
  192:7GjSLj5Uravgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:7Ga5Kk785UIhp/KTMhSeYmn2jiu5EjPH
Score

10^/10

qakbot bb07 1669024152 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  almond/walling.temp
- Size
  
  490KB
- MD5
  
  2f895b91911563032abbc03ac1b61c5a
- SHA1
  
  943ad2e4c9c4a3c2c2696a8c3f038a68677734a7
- SHA256
  
  25aa84f06b1e2a5677976649f61b9e16e921ec070903923fd6c1cdae908e1e8a
- SHA512
  
  024f4a520031dfa15be78194c4dfb1cfd08295cf61e33f3140960b8efb1d94acab8c85cb79d427e708c0f3c19a6dd431b5b21863e35b5b317b38d31cdf66382e
- SSDEEP
  
  6144:GIZQLN2lkgFJUdgAPJgwEpPWD44TIiAMUFOvctTWzpbTNEh6BgFJ+twd737Kn:GSlkcAPJr4WhTtJiwz4agFwid7e
Score

10^/10

qakbot bb07 1669024152 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4