qakbot | 5c9c32aa420fae051a0ba9ab1bda24f4e5ede0ed36347bf842c537aa11cf269e

General

Target

BF53.img
Size

842KB
Sample

221121-z56z6sgc74
MD5

b3ba9cb529778d0799a4ccf474b38a1b
SHA1

cacd71f4c5bb9625eb458fd5c259f8c29c585294
SHA256

5c9c32aa420fae051a0ba9ab1bda24f4e5ede0ed36347bf842c537aa11cf269e
SHA512

bba6b728d3604c13b9b1f59378408422a425376489164439b76d781b744bcf0d4984f2afdda68f017bb7406ce58c491eee2ceba9faeadf8d34d6e208619631a6
SSDEEP

24576:VN5pWbYGQajBp6Pi1YWaw46K8zWcCTikQsC3:JUbzQaNpx1DaIK8I23

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB06

Campaign

1668752705

C2

98.147.155.235:443

49.175.72.56:443

82.31.37.241:443

73.36.196.11:443

2.84.98.228:2222

188.54.79.88:995

184.153.132.82:443

74.66.134.24:443

172.117.139.142:995

12.172.173.82:990

24.64.114.59:3389

12.172.173.82:2087

78.92.133.215:443

24.64.114.59:2222

50.68.204.71:995

105.184.161.242:443

12.172.173.82:22

221.161.103.6:443

98.145.23.67:443

73.161.176.218:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  BF53.img
- Size
  
  842KB
- MD5
  
  b3ba9cb529778d0799a4ccf474b38a1b
- SHA1
  
  cacd71f4c5bb9625eb458fd5c259f8c29c585294
- SHA256
  
  5c9c32aa420fae051a0ba9ab1bda24f4e5ede0ed36347bf842c537aa11cf269e
- SHA512
  
  bba6b728d3604c13b9b1f59378408422a425376489164439b76d781b744bcf0d4984f2afdda68f017bb7406ce58c491eee2ceba9faeadf8d34d6e208619631a6
- SSDEEP
  
  24576:VN5pWbYGQajBp6Pi1YWaw46K8zWcCTikQsC3:JUbzQaNpx1DaIK8I23
Score

3^/10
behavioral1 behavioral2
- Target
  
  SK.js
- Size
  
  9KB
- MD5
  
  822e87747bb3839944c39167da99c701
- SHA1
  
  b865e40a7bd92abca2f0e390ad35d175141d33b2
- SHA256
  
  fb499268feb0090c128e2ae5e1df7c6250612675753b1aa6fad47fb29d6fe876
- SHA512
  
  05c14aec4f0f40dc24370d837f0148d5ca9350ca895b0224b4c2dd52800f3354d242e89cdc243af6a86ebb6126d589f86d74926b9279c9a230e300f9da97e714
- SSDEEP
  
  192:cjSLj50Tavgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5AJ:d52k785UIhp/KTMhSeYmn2jiu5EjP+rs
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  manacle/unvaccinated.temp
- Size
  
  372KB
- MD5
  
  8fa817ddd8e19d41d5475a213e19e5a9
- SHA1
  
  386acf59345e8141d171dcfc655c446536abf0e0
- SHA256
  
  dc764193f2334bc4732faba024df4f9cfc3afbe5ed39ea7badef5ad7d31084cc
- SHA512
  
  f8acc47acb2fe8858380f79391c4dd8eb5f9cb5400690b44edf8e440af9d4237881df32adca5ccb3149cfd8522dd9d407c65cad559f4aa034cc425198692090f
- SSDEEP
  
  6144:l1eKK1u77wiWjvM9gaYhWawPSxipTR9K1/XseDA+sqKD9oqHs9Dz/RJhKXuz:mKzMD2gaSWcxITi/XsZ+s7pohvRJhr
Score

10^/10

qakbot bb06 1668752705 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

3

T1082

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6