qakbot | 07b4430bee4ea392505c4215adcf542e34b37f16ac11e35c7b3338eaf11c9815

General

Target

ZM-792.iso
Size

690KB
Sample

221129-fg1cyaba8x
MD5

7c5fbb9db35097376a68a50f1c8ed3ea
SHA1

a488237407219e8395dd60fe5a725a7038a2b4ba
SHA256

07b4430bee4ea392505c4215adcf542e34b37f16ac11e35c7b3338eaf11c9815
SHA512

a4dea91723d7f4cd109626b750f5fccb9d9b91f54f001ef729beee902523fa78869a227e3a3a4140f1fbdf9eadac2fa7108eacce59d7fcc5665885182675eded
SSDEEP

12288:em1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:tMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  133B
- MD5
  
  a547936c13fc0f25f080b0fcdbc2fede
- SHA1
  
  612b902eb5833245914b74c5a77d05e933c9eedb
- SHA256
  
  e16252a8f37f9dc408dfaa99932d57e800d745b662894d5551ae2994e444d9df
- SHA512
  
  96e2b55a380ed284fc5f2b0de8709693f8a48708441b6c366128788bbcda1fef87f4bfc555be792a6967d9dfc433fb68627ecfc62b155327c7ee90b726e5b503
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/backlogs.ps1
- Size
  
  371B
- MD5
  
  fefd1656933426b67f7d386706fa8649
- SHA1
  
  f10dd69df4dc476328f63206ee50ab69d5177ca6
- SHA256
  
  cea4bb80a795490d0ffcbba3d581d1451bc5a2743ecb15f44f815c32196d3942
- SHA512
  
  b11c8cdc587ef8ae57d9a97afdd88756c606184e217c32073aab77f261239e19d9f689f8d5d5549560fa85dc587a153f3ab2c97cc5c55cae8a974df0978ddc6c
Score

1^/10
behavioral3 behavioral4
- Target
  
  fix/derangement.js
- Size
  
  133B
- MD5
  
  a547936c13fc0f25f080b0fcdbc2fede
- SHA1
  
  612b902eb5833245914b74c5a77d05e933c9eedb
- SHA256
  
  e16252a8f37f9dc408dfaa99932d57e800d745b662894d5551ae2994e444d9df
- SHA512
  
  96e2b55a380ed284fc5f2b0de8709693f8a48708441b6c366128788bbcda1fef87f4bfc555be792a6967d9dfc433fb68627ecfc62b155327c7ee90b726e5b503
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6