qakbot | c2f7eb3c717f9ca4cfa77ce1434fc3b983c34dad1dc9492ff17a78500367196f

General

Target

CV-301.iso
Size

690KB
Sample

221129-2z255saf7v
MD5

08316dfef077328bb6ebafb2a95cf87f
SHA1

b53261437a6e74e8e8efc40022e618dc5ed3613c
SHA256

c2f7eb3c717f9ca4cfa77ce1434fc3b983c34dad1dc9492ff17a78500367196f
SHA512

98f93c17b3fe63903255d76078fa22362839f2f5dae0ba046ce475e97a25b5c2442337335d02e6a4105115b3ad9097a51b0ad9ff4f0b8cc2560e16f0e0febe0e
SSDEEP

12288:Vm1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:WMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  131B
- MD5
  
  c20f8cd77b8a305bf3fe2734e9d646fb
- SHA1
  
  72621720559457741473fa5f3d90bf04b91288eb
- SHA256
  
  b403f4a0836ccc7eafa32f8e26ec77f50fad06472bd0d63f4f84aac9cb1d94db
- SHA512
  
  467a80970a92e40b046101b03b6b2142f32feab800d43d0a021d1d5c9097e3525aa9201594a42958e2dace2789f31984bf35db5e79d03443b7ffe427ab4e6fb9
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/owlish.ps1
- Size
  
  372B
- MD5
  
  5abcc3351a033f50f5d0ce3bf3ce2171
- SHA1
  
  c93ed4ad3da5b123b9d30c781f0fc5e5d7c39a60
- SHA256
  
  90247479b4d5889ebc69ecc9a838f3ea44afffdbdbac339d3b76155928899a01
- SHA512
  
  63b64b0129c496edf5db476ed3d0f6e1d61d8ad5be5fa2267541812dbed5c4fdff7a65c19dec7ede6d869720923bbb5f48f8714d79f258537633366f7ded90d6
Score

1^/10
behavioral3 behavioral4
- Target
  
  fix/squeamishness.js
- Size
  
  131B
- MD5
  
  c20f8cd77b8a305bf3fe2734e9d646fb
- SHA1
  
  72621720559457741473fa5f3d90bf04b91288eb
- SHA256
  
  b403f4a0836ccc7eafa32f8e26ec77f50fad06472bd0d63f4f84aac9cb1d94db
- SHA512
  
  467a80970a92e40b046101b03b6b2142f32feab800d43d0a021d1d5c9097e3525aa9201594a42958e2dace2789f31984bf35db5e79d03443b7ffe427ab4e6fb9
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6