qakbot | 7f694a4fe0cac04027b1b81d634eeba8b9b7f37f801721a885ef9e1392d5f403

General

Target

HW-816.iso
Size

690KB
Sample

221129-fv5vksha23
MD5

eec02873e348d420c9bf6972689122bc
SHA1

02bc9166013b491335629ef7ef670c007e822f74
SHA256

7f694a4fe0cac04027b1b81d634eeba8b9b7f37f801721a885ef9e1392d5f403
SHA512

9a65c6f0f290d8ad56546c0f9990acf6c3e14789517d1cbf5a360c0703f7f5056d5cfc3e51628d5b7868f2a3dc244022dc16a339e216a190f285eeec52d004f7
SSDEEP

12288:Jm1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:iMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  130B
- MD5
  
  b4f55e16ea2a695512c151c9c994733d
- SHA1
  
  211c14ea90f9d5d6ff033257a795b13ef5a05be0
- SHA256
  
  bf97f591e6d9ec0dbb91f5c937c74f53c3307b22095b2e1908540590b114932f
- SHA512
  
  9adf71c261472e8f9a99a22d742172c5cc6161c83caca70a66847eb48e7642c1e33db735202dc6d124b803c3c2a187155a468457a2d0242578093e4c11df26d8
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/calipers.js
- Size
  
  130B
- MD5
  
  b4f55e16ea2a695512c151c9c994733d
- SHA1
  
  211c14ea90f9d5d6ff033257a795b13ef5a05be0
- SHA256
  
  bf97f591e6d9ec0dbb91f5c937c74f53c3307b22095b2e1908540590b114932f
- SHA512
  
  9adf71c261472e8f9a99a22d742172c5cc6161c83caca70a66847eb48e7642c1e33db735202dc6d124b803c3c2a187155a468457a2d0242578093e4c11df26d8
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  fix/soapy.ps1
- Size
  
  380B
- MD5
  
  a95994f64d98fe3150d1bfd64faaeb33
- SHA1
  
  59ccc5d980e1aaf3452f3899762f91fb050b0da5
- SHA256
  
  1aad9e1057dec6f512e034b684620257a9401c5819ade9235587fb59970a0360
- SHA512
  
  7b6a9bedcb4ab7edafdec046257859b55e9a10015f7c7b482fb359bf7e3925ec29587a453876cf3034f7b81822404c21f67b8bc2ebc3364d9360a44df8ae9ae7
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6