qakbot | e7de5a40440c6503bb26fff174efc0e446db528abd20b891c6904b4f8020f85a

General

Target

RET20.iso
Size

604KB
Sample

221121-tfg2vsge63
MD5

ed202999b92b105107858a3f95b3e58a
SHA1

a5992c578e7c7dbdcf36bb344f85e90c418b61b9
SHA256

e7de5a40440c6503bb26fff174efc0e446db528abd20b891c6904b4f8020f85a
SHA512

c8188b495e80afbcd51b0def134f1143fbab539cfaa35c3f6a6efd4cf771abef9c4bf457cfb75e12aacd941d6b86bf9bfd5335be666f3f4957f01f6b4da1622a
SSDEEP

12288:k9NPXHUSlkcAPJr4WhTtiwz4agFwid7e:yNPXUSlknRhTwXF34

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB07

Campaign

1669024152

C2

69.119.123.159:2222

197.148.17.17:2078

174.104.184.149:443

12.172.173.82:995

91.68.227.219:443

85.241.180.94:443

83.7.53.150:443

213.22.188.57:2222

71.46.234.170:443

190.75.150.58:2222

86.98.15.100:995

89.115.196.99:443

83.31.254.67:2222

46.162.109.183:443

2.84.98.228:2222

78.69.251.252:2222

12.172.173.82:465

75.143.236.149:443

47.229.96.60:443

80.121.8.212:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  JG.js
- Size
  
  10KB
- MD5
  
  bb9ae41aafc02596e7f9de28ceddf614
- SHA1
  
  fda518c3644d40b2d02c90c4d4a62717212389d9
- SHA256
  
  1b68864eb5e093d583e72bfa5a75ff04b5dab6de653b31f432524cce73342d44
- SHA512
  
  54cd73c9e983f6fc737e4c18d67f2cf44ef2773f856d4fa87f92fae8d20a0f61b2c53e29cf8a2b01900bfcd1be40e9fe26e627f4750bdd6a09953f5500568eb5
- SSDEEP
  
  192:7GISLj5Uravgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:7GX5Kk785UIhp/KTMhSeYmn2jiu5EjPH
Score

10^/10

qakbot bb07 1669024152 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  almond/tipping.temp
- Size
  
  490KB
- MD5
  
  ee31f0b5e9223b129794115abba0622a
- SHA1
  
  b559924485626e4739a3d5eb5d14a74d46a6590b
- SHA256
  
  559eba057bfdc80a1776ba4c4d4b55b055b8a57e36cfd368a50c996cc2a59d0a
- SHA512
  
  cd65f00427f0fc93c91b0a8921d66ebb6e853a9e061e8fac133cbbca0ce77cb4b0cd90c89326351139c1cf53a275dbb825286d3415fd3c211ffc9538f8bab213
- SSDEEP
  
  6144:GIZQLN2lkgFJUdgAPJgwEpPWD44TIZMUFOvctTWzpbTNEh6BgFJ+twd737Kn:GSlkcAPJr4WhTtiwz4agFwid7e
Score

10^/10

qakbot bb07 1669024152 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4