qakbot | 152932e1869f55ed3063006cce0bf0203a738778ddde785751019f220b1bad38

General

Target

DHZ51.iso
Size

604KB
Sample

221121-scte2saa8z
MD5

ae529f6eb6665382bbcdc45e38aef54f
SHA1

914db4ba9ddde379a2386d481004d0a80370e488
SHA256

152932e1869f55ed3063006cce0bf0203a738778ddde785751019f220b1bad38
SHA512

cdabda811f4b9a0746fe8fd56b402b19dbd5696d5582d66e76c1aa2c9412f3028990c29de9cec8a1ea98cfbb441f9e2bfba55470f3671f152d387d60dd4b4041
SSDEEP

12288:3CNfXHUSlkcAPJr4WhTriwz4agFwid7e:yNfXUSlknRhT2XF34

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB07

Campaign

1669024152

C2

69.119.123.159:2222

197.148.17.17:2078

174.104.184.149:443

12.172.173.82:995

91.68.227.219:443

85.241.180.94:443

83.7.53.150:443

213.22.188.57:2222

71.46.234.170:443

190.75.150.58:2222

86.98.15.100:995

89.115.196.99:443

83.31.254.67:2222

46.162.109.183:443

2.84.98.228:2222

78.69.251.252:2222

12.172.173.82:465

75.143.236.149:443

47.229.96.60:443

80.121.8.212:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Extracted

Family

qakbot

Attributes

salt
~�w%��N$��0��U��J��m�/+

Targets

- Target
  
  JG.js
- Size
  
  10KB
- MD5
  
  b85a2b30e88913e43322666da31b573c
- SHA1
  
  37c835ff4db8813e2f33fe38311bdc1aa39bfc6c
- SHA256
  
  7dc7656db7d5edb9fb34a11278853a846bd89f29615b2bae5c7bf6d9d3200282
- SHA512
  
  50140c18594d396f11ae2373d044b102a98fbca465f09acd4a743f9dc6a2d3be899932f42f4c292ff7275cd5f45c90da505a9342fc0f8365b63610269fc954bd
- SSDEEP
  
  192:7GfSLj5Uravgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:7G25Kk785UIhp/KTMhSeYmn2jiu5EjPH
Score

10^/10

qakbot bb07 1669024152 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  almond/representable.temp
- Size
  
  490KB
- MD5
  
  c60f6f286c5eaea3d5a5430723a141f5
- SHA1
  
  dd0f6aa4aa495808049f90457363aee85ff671c6
- SHA256
  
  d9059ecf1b028af98406785452180bbfeaef32357d47f72d36168e95008f877e
- SHA512
  
  aa9d40779c21c85ef95d7e6d474f99e8dbe25c5b5c64227ea398e2dc45d7ecc5ddb2f70959eb5a79e0d6190215b5e73096dcdc38e59079e2c9c2d859aefc1b5a
- SSDEEP
  
  6144:GIZQLN2lkgFJUdgAPJgwEpPWD44TIbMUFOvctTWzpbTNEh6BgFJ+twd737Kn:GSlkcAPJr4WhTriwz4agFwid7e
Score

10^/10

qakbot bb07 1669024152 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4