qakbot | c62bad06cef065e8baee469fb0de8c34ce9b994cce656f1842e228bf903fda7d | Triage

Sharing

General

Target

AVC67.iso
Size

742KB
Sample

221128-qx1czscb7t
MD5

685f279b87a90a7fad35d2c36ac25b10
SHA1

767f16470c4bf219cb5d35226b1eec6ab93a6cca
SHA256

c62bad06cef065e8baee469fb0de8c34ce9b994cce656f1842e228bf903fda7d
SHA512

3fc74eebb8fabc7c06ee585c09ab54cdb3f3c9d6e01201770332f7ea0cee608589c12b3592a845b994e8fcd1356b740c5ad48d89b3d2ac841d509d91c1561326
SSDEEP

12288:FNCm1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzxGBRA4cZDNgvN:FN5MFEO6dHvDe0P335EXpUNSleQ2cYi8

Score

10^/10

qakbot bb08 1669628564 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AVC67.iso
- Size
  
  742KB
- MD5
  
  685f279b87a90a7fad35d2c36ac25b10
- SHA1
  
  767f16470c4bf219cb5d35226b1eec6ab93a6cca
- SHA256
  
  c62bad06cef065e8baee469fb0de8c34ce9b994cce656f1842e228bf903fda7d
- SHA512
  
  3fc74eebb8fabc7c06ee585c09ab54cdb3f3c9d6e01201770332f7ea0cee608589c12b3592a845b994e8fcd1356b740c5ad48d89b3d2ac841d509d91c1561326
- SSDEEP
  
  12288:FNCm1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzxGBRA4cZDNgvN:FN5MFEO6dHvDe0P335EXpUNSleQ2cYi8
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotbb081669628564bankerstealertrojan