qakbot | 2681c39b943f4f137e6c76073b4ee5293a02801d47351324bc8fadebeb0c7a12

General

Target

AQG30.iso
Size

604KB
Sample

221121-sw6vgsfe65
MD5

b7076215f7314bbdb418cba987673218
SHA1

23215a430eaea54ce22f23965774a9d742c98b09
SHA256

2681c39b943f4f137e6c76073b4ee5293a02801d47351324bc8fadebeb0c7a12
SHA512

1cf4072d327e7a847e399431cc75671762129e492770f737cf88f495dd68edf2c038a7e8479b3761a1b3e9b49198345d0d2f5c6145b442fb7f4e886127dda65f
SSDEEP

12288:JmNZSlkcAPJr4WhTgiwz4agFwid7eSXH:MNZSlknRhTLXF34SX

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB07

Campaign

1669024152

C2

69.119.123.159:2222

197.148.17.17:2078

174.104.184.149:443

12.172.173.82:995

91.68.227.219:443

85.241.180.94:443

83.7.53.150:443

213.22.188.57:2222

71.46.234.170:443

190.75.150.58:2222

86.98.15.100:995

89.115.196.99:443

83.31.254.67:2222

46.162.109.183:443

2.84.98.228:2222

78.69.251.252:2222

12.172.173.82:465

75.143.236.149:443

47.229.96.60:443

80.121.8.212:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Extracted

Family

qakbot

Attributes

salt
~�w%��N$��0��U��J��m�/�

Targets

- Target
  
  JG.js
- Size
  
  10KB
- MD5
  
  93e47011cba9cf8a75343eb5000125e6
- SHA1
  
  b596d095c551aa030bb047ff7c3c0e70601994e6
- SHA256
  
  ef87537b8d605d9187fcb59b476eb297a24783d02f0625d97d9ed5c2a640359e
- SHA512
  
  ce9d49551a3a628bf7174f30c53f6c4f71bf5165d7e0bca6487fad57cce73ca18923a0d68f25612ab7929794403c4cc1297e8f057a9772087c1365a21046836e
- SSDEEP
  
  192:7GrSLj5Uravgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:7Gi5Kk785UIhp/KTMhSeYmn2jiu5EjPH
Score

10^/10

qakbot bb07 1669024152 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  almond/edinburgh.temp
- Size
  
  490KB
- MD5
  
  3b2b0e132caca9f14fb78016a2770ade
- SHA1
  
  4ad81f7d26157f879fefafe496b3833ed4a28c5b
- SHA256
  
  dab9a7b6811c46b12460678ecff9363f36ab54fa0f5a38570334413854f085ba
- SHA512
  
  f777a336a45cc2b1f3e06074cdeade4101b265d978a823477d3559d99c34714ee7e655b345f5521a7d501ef282cae22b715e8715c7823d53378cf79a9cecdf47
- SSDEEP
  
  6144:GIZQLN2lkgFJUdgAPJgwEpPWD44TIuMUFOvctTWzpbTNEh6BgFJ+twd737Kn:GSlkcAPJr4WhTgiwz4agFwid7e
Score

10^/10

qakbot bb07 1669024152 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4