qakbot | ffe034f15c454937f32c626e66a5daaf27725a1b366604b61f9fb01198b22d14

General

Target

RI-759.iso
Size

690KB
Sample

221129-1w5anabg37
MD5

168b26a8d4f4fc43f2b1795ee8384705
SHA1

469b0058becdc443e27c5d07550ab51a13f8fba5
SHA256

ffe034f15c454937f32c626e66a5daaf27725a1b366604b61f9fb01198b22d14
SHA512

d3ab478372b4de1bea3a52c6cac67d6aba7ff4fc3189e096e2263b5bc094f3426fce92ca68989e3f558296c751db6490d0e84a3a5542fc1afcbfeb3c0fc8f2de
SSDEEP

12288:1m1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:2MFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  134B
- MD5
  
  ab6cae36c1497db02ca2fbab3045c7c5
- SHA1
  
  5a1ed7cafbe788325f3a42c769d1a17eb8c4bc13
- SHA256
  
  8d4d9aa5eb3401367c84882563b060b328c1b4bbc43589e3ff7c3ec797fdc9ae
- SHA512
  
  e22a861f53c0434dabcdb2dfa44304dedde4b3378caf11e4f8c3bdf2d7ca08e268bc413baa694d1a29aae537930ab6beed0510c4deacf1a87daba8accd0cf640
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/shareable.ps1
- Size
  
  370B
- MD5
  
  088202439bc5b1edbc9118c87fc11a06
- SHA1
  
  fbdc0e18625415e535f7cc01c3e2916da1f5d68c
- SHA256
  
  4677cee8cdfe912b2b6ac46611d2b4ea695204fa4fe60ca4105ee5ed11e6f634
- SHA512
  
  b02b7118b582955a6e77c489b5241218da1142efc6c53c57ce64de70e0e8dfb19b3cfe05f773296698899ffa421d4e76109e52fbec0f277d2a3479be5261c578
Score

1^/10
behavioral3 behavioral4
- Target
  
  fix/vouchsafe.js
- Size
  
  134B
- MD5
  
  ab6cae36c1497db02ca2fbab3045c7c5
- SHA1
  
  5a1ed7cafbe788325f3a42c769d1a17eb8c4bc13
- SHA256
  
  8d4d9aa5eb3401367c84882563b060b328c1b4bbc43589e3ff7c3ec797fdc9ae
- SHA512
  
  e22a861f53c0434dabcdb2dfa44304dedde4b3378caf11e4f8c3bdf2d7ca08e268bc413baa694d1a29aae537930ab6beed0510c4deacf1a87daba8accd0cf640
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6