qakbot | 9d53fdbc3ba9a8512ab3aca60edeaaf891c90940894c0deb4840131b7197ecf6

General

Target

B610.zip
Size

535KB
Sample

221122-vkja6aag69
MD5

33f54fb190da3fc1137e87c2cb55b786
SHA1

58d6ed905fd6d623662460c767bebc0eee42a581
SHA256

9d53fdbc3ba9a8512ab3aca60edeaaf891c90940894c0deb4840131b7197ecf6
SHA512

ceb2f276c0c7ecd49d84c3ad0c8edaa0d886fd06f4df4ac64d81bec047e793bf5c64504cf9f40b25b2d9ced77784c2164d50afe00cb07f2e4cc05763dcd46c2f
SSDEEP

12288:r498Z7wjePoH+/0IvVo8LzblxE+FLO1wp5Cnopct5XQp:c81wjAocqCNZiOGrAp

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB07

Campaign

1669024152

C2

69.119.123.159:2222

197.148.17.17:2078

174.104.184.149:443

12.172.173.82:995

91.68.227.219:443

85.241.180.94:443

83.7.53.150:443

213.22.188.57:2222

71.46.234.170:443

190.75.150.58:2222

86.98.15.100:995

89.115.196.99:443

83.31.254.67:2222

46.162.109.183:443

2.84.98.228:2222

78.69.251.252:2222

12.172.173.82:465

75.143.236.149:443

47.229.96.60:443

80.121.8.212:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  B610.iso
- Size
  
  1.3MB
- MD5
  
  f059da2ece2b79ec9b8b7e7974bcc7ab
- SHA1
  
  32ee510ea1e38f965f69e7ed143102d2b10066e6
- SHA256
  
  1e2668d29e5e8df2398bed8d50ba459f5506abcda0d869e51d0fa089c68570d4
- SHA512
  
  aae109ce6457fc6df313e4742bc32c46ad0d5070cb44f8f836d21252541ca8f5cbbc1292fc71eb836c370cfb81b9499420bc984a680f6ae79500c23b4e417cc6
- SSDEEP
  
  24576:ftRspkSUYg05qQg7/w6NJTgqLlIAeRwgQAwgQAFKWQO/8jZhOtE0KMIK:lSUY/5qQvcgE+AeRwgQAwgQAF5QO/wZn
Score

3^/10
behavioral1 behavioral2
- Target
  
  XS.vbs
- Size
  
  9KB
- MD5
  
  9215e1226194ae2dbd5b3916d7f94365
- SHA1
  
  838982b19950520936efa65cef7e6408794ee64e
- SHA256
  
  d2f84dce7fcad8208f0a0181bd276a681c9132b72a79d419f111c09ff37d79f1
- SHA512
  
  d2f0c6577bca1901f17ce650df9b65050c8907ba1561a19bc0b2f3f300ea10f770eca42d7a56d411e396434032cb326320b606cfa2bf9c23fab18e4d61c82ae9
- SSDEEP
  
  192:63eSjpUorcl/E4hp3aD/OCMhiEe1mUS1G0vdzgW20fkbsgTbpQt:6O4pnrcpE4hpPCMhidmnGm80jWb4
Score

10^/10

qakbot bb07 1669024152 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  gray/bolshevik.temp
- Size
  
  1.0MB
- MD5
  
  8b44da444bf63b5aef90137ee07e8df1
- SHA1
  
  e32a71f08b5fde9574c2d2edd32d7e7b7aef648f
- SHA256
  
  c8f1cb2ff9644a09d2c5d8af2de27dd9bee13065ec429a7710a1ee0d9418afc3
- SHA512
  
  ee84d0fe831851ff79c260ab6cdba308ca95ef08c3467c69eae753bbafeecfd236582b4e2a3ad278a66c6ee8be48cc7168fabc9f05c2e48e4b8fafdf167d9db8
- SSDEEP
  
  24576:WspkSUYg05qQg7/w6NJTgqLlIAeRwgQAwgQAFK:KSUY/5qQvcgE+AeRwgQAwgQAF
Score

10^/10

qakbot bb07 1669024152 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6