qakbot | 71bdafbc74b249740cf4f9322d26e06ba15115565d31bc3e9357dbfb8b9a59e1

General

Target

DP-276.iso
Size

690KB
Sample

221129-3jgpyahb87
MD5

b1b7aa19081f46d42f960c3519870ad4
SHA1

c0a6d25ebd5663a42af97806a7632034fa43aa4e
SHA256

71bdafbc74b249740cf4f9322d26e06ba15115565d31bc3e9357dbfb8b9a59e1
SHA512

fe9362b3ddf64f916c5cdc593e582a890df69efb4f84784e4fdd0e66ff63aaaf28b64e9e994f047b6d569714a94c71654e6cb4f81fa176539cb5fff51abace76
SSDEEP

12288:Sm1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:pMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  133B
- MD5
  
  4647d230fa2ec9198540c578f8209eea
- SHA1
  
  fb84845fc51c3c715773ab241268ca4fc3887e59
- SHA256
  
  489812fdbda09d7747448fc9742e1c7d5fea46bd08236059cb5bf14a4683e24b
- SHA512
  
  2bdff43bf7afa9ad8083260896d746b7a608815193e38da2b2a3868bfc5a128662913877df9b68527125d6ed53dd595753222f75ee4854cf14faa1f17eb7e15b
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/glimpsed.ps1
- Size
  
  376B
- MD5
  
  79622867fd00d2ba17146086bfb1c26d
- SHA1
  
  5b65ea5a3200eb810adbad875bee2b7ac4ba90e8
- SHA256
  
  6d4127d7e7ef68ec872c0789b7c018bace75628f3fb848b6f41d072074446483
- SHA512
  
  fcc2199851ef8c5efa392729dd24654c58d0db3fba7d2921d668cd9a454acd336c6e3d5c3e8dbd94aed837e02daf667cf822c289815fcf18db93de9e4978fed5
Score

1^/10
behavioral3 behavioral4
- Target
  
  fix/nifty.js
- Size
  
  133B
- MD5
  
  4647d230fa2ec9198540c578f8209eea
- SHA1
  
  fb84845fc51c3c715773ab241268ca4fc3887e59
- SHA256
  
  489812fdbda09d7747448fc9742e1c7d5fea46bd08236059cb5bf14a4683e24b
- SHA512
  
  2bdff43bf7afa9ad8083260896d746b7a608815193e38da2b2a3868bfc5a128662913877df9b68527125d6ed53dd595753222f75ee4854cf14faa1f17eb7e15b
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6