qakbot | 79bacce691757454506a3ac0d3da259eb78dd85e769af706084ea16a180041a8

General

Target

ZWY39.iso
Size

604KB
Sample

221121-tzsmpscg5x
MD5

7fd4dd9f3235d831769a1685cfb6fdfc
SHA1

97848384535878062f2f52c21edd64ee8350a8f1
SHA256

79bacce691757454506a3ac0d3da259eb78dd85e769af706084ea16a180041a8
SHA512

979d77c37dd0ec58fcc0fc550e5f752edcaa760126c9bf2641dacfff23c1035ffce5ecef5827c9e82f1478d4dd0ee615b1c047c803920a7c218c018b56e3eccb
SSDEEP

12288:2cNfXHUSlkcAPJr4WhTmiwz4agFwid7e:NNfXUSlknRhTBXF34

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB07

Campaign

1669024152

C2

69.119.123.159:2222

197.148.17.17:2078

174.104.184.149:443

12.172.173.82:995

91.68.227.219:443

85.241.180.94:443

83.7.53.150:443

213.22.188.57:2222

71.46.234.170:443

190.75.150.58:2222

86.98.15.100:995

89.115.196.99:443

83.31.254.67:2222

46.162.109.183:443

2.84.98.228:2222

78.69.251.252:2222

12.172.173.82:465

75.143.236.149:443

47.229.96.60:443

80.121.8.212:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  JG.js
- Size
  
  10KB
- MD5
  
  d314b639c98ad565631678f325359a36
- SHA1
  
  e419b4483754e028e06bd21452e379a01e750386
- SHA256
  
  4d74a1803c53dffeaf4026b184618ef6d52be2ba254a4073890d1e2a201d62e6
- SHA512
  
  8e063db2c016079aef4e6c209140568def6aee2e5e04ab19951cc3b84ab5ea0a4dba515a6c518ba278e54d0a624d227f73fccbe6dceef5ee1ad24cb12a30df2a
- SSDEEP
  
  192:7GpSLj5Uravgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:7GU5Kk785UIhp/KTMhSeYmn2jiu5EjPH
Score

10^/10

qakbot bb07 1669024152 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  almond/wispy.temp
- Size
  
  490KB
- MD5
  
  df888c8db7c11bcc0e7b45723669689f
- SHA1
  
  5f0170f2af8dddc456ddf8f8f05cf27dd59604d1
- SHA256
  
  df395187c0289ae3576bca0042ceb3b909cee84dfd1b156662a11fb18cde02fa
- SHA512
  
  4a8c7921e722d7b9084c77fd8d33b458335c9d677d1df4058e5f6d13552a0f95f55d413410dcbd9d5f83028f32c897771750410c55a7e4cd46722ef611a1d8c5
- SSDEEP
  
  6144:GIZQLN2lkgFJUdgAPJgwEpPWD44TIYMUFOvctTWzpbTNEh6BgFJ+twd737Kn:GSlkcAPJr4WhTmiwz4agFwid7e
Score

10^/10

qakbot bb07 1669024152 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4