qakbot | f90681a3c5525abdc8c0c0ec190f001ac79786c72fc23d5cf2b6ba8e6579a538

General

Target

M301.iso
Size

1.3MB
Sample

221122-tx4xysde3v
MD5

dbbb3db66e43848f58728492e0dea5ca
SHA1

d662f718cf63717688a1f5a237d25cf3e8a2fffe
SHA256

f90681a3c5525abdc8c0c0ec190f001ac79786c72fc23d5cf2b6ba8e6579a538
SHA512

9c3acd4adc11f260ffdd64e2d43c4695828b3181cc832786cba2a62c493aec5a090db6909b86573fb9e19134864d18fe3443824048259548e122a5f5fdbd3bf3
SSDEEP

24576:btbXYkbOvnDF9dnJEd+5F6bRGiJzN8gvd4rmwd2eZL/v2mWG2mWYYtQO/8jZhOtF:iHnDF9dnJEd+5F6bR/JzN863q/v2mWGv

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB07

Campaign

1669024152

C2

69.119.123.159:2222

197.148.17.17:2078

174.104.184.149:443

12.172.173.82:995

91.68.227.219:443

85.241.180.94:443

83.7.53.150:443

213.22.188.57:2222

71.46.234.170:443

190.75.150.58:2222

86.98.15.100:995

89.115.196.99:443

83.31.254.67:2222

46.162.109.183:443

2.84.98.228:2222

78.69.251.252:2222

12.172.173.82:465

75.143.236.149:443

47.229.96.60:443

80.121.8.212:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  XS.vbs
- Size
  
  9KB
- MD5
  
  9eff66dd9b4af8d717b391f2480f0685
- SHA1
  
  73300cf7a616a05e175ae4be611595f07a59a98f
- SHA256
  
  38cc60d96d146e02f46fe3102ecc61111b2e06258c0a1d8a44989d19e71be06b
- SHA512
  
  d234f09606ac2bb4758749dff5167d558e32ac539963e0de75c0e66b0306c3d1fdbb922de0f6efcc6c2a15f18c392ab56b9853e4ed009887fb3b3a2e084bef80
- SSDEEP
  
  192:NeSjpUorcl/E4hp3aD/OCMhiEe1mUS1G0vdzgW20fkbsgTbpQt:A4pnrcpE4hpPCMhidmnGm80jWb4
Score

10^/10

qakbot bb07 1669024152 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  gray/hindmost.temp
- Size
  
  1.0MB
- MD5
  
  09a815f48d8a5319d88f2b8b2e4b02ab
- SHA1
  
  e6601cb30205c8e790ac4511f0d6362b80dbb9f5
- SHA256
  
  085f0f3f25b1328d153a7c56125e1d8a4d43bc882fe3f250d742ea5247850c02
- SHA512
  
  5ba1578fe2203155bfcdda248c2d8a2cce3799f0e45c36ea952b7043b3c4436c1c53daec69cdf8d00a98638bb63220310ab060e0c8f28cc051d0b76b99eafebf
- SSDEEP
  
  24576:AXYkbOvnDF9dnJEd+5F6bRGiJzN8gvd4rmwd2eZL/v2mWG2mWYY:XHnDF9dnJEd+5F6bR/JzN863q/v2mWGl
Score

10^/10

qakbot bb07 1669024152 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4