qakbot | a6379bc3a4f77d3edc69d9bfc40e355cba3347b333e43d8cf79bc77f1d691880

General

Target

HY-526.iso
Size

690KB
Sample

221129-fxq47sce31
MD5

092038b6d6189ce774c40b91769a09d5
SHA1

ffde33894b0f2dc6747549107bcc30d6f85f233a
SHA256

a6379bc3a4f77d3edc69d9bfc40e355cba3347b333e43d8cf79bc77f1d691880
SHA512

d72226138ee4e5d68596bb538abc3686adeca1e901549ad2f7e1a5792e5a579925e320fe3062a7839eb8a01ade155699cb44fe1cabeb4b31492b5924ec6ee8c8
SSDEEP

12288:om1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:LMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  131B
- MD5
  
  6fe9519aa99f2b3c90b196bf2f027e9f
- SHA1
  
  5f6005844a17a18381860a9096c7318661e700f3
- SHA256
  
  1511e81e0a5262e28fcea3228980cf3ab7dee93ca5e151c0b3ad1d4a2c64226d
- SHA512
  
  e3fd04269ba26072fa586a8d4c453941d8d3af7186c070f2b13483ac473571e0d9489eb5ae9dbc6a508f0f53900329ca0b5bdf9454a6a17ce6f0a95c9ffa6924
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/detect.ps1
- Size
  
  375B
- MD5
  
  51d6d60ef6de8219522102e741ec642f
- SHA1
  
  374db83b2741f02051ee3f399d89a73365970183
- SHA256
  
  161e0b44a794c3310e5537db2123319f0bbc3c8b7281c9006e3211c719c67ab1
- SHA512
  
  36118b88a8f3d4d4a8b461c72f3de51c7af84f90a98e8a04f2eff22511e766a80e53176be049088e279b1484d679f3c3a9b301767d9446499e40b92bf0d27309
Score

1^/10
behavioral3 behavioral4
- Target
  
  fix/promoters.js
- Size
  
  131B
- MD5
  
  6fe9519aa99f2b3c90b196bf2f027e9f
- SHA1
  
  5f6005844a17a18381860a9096c7318661e700f3
- SHA256
  
  1511e81e0a5262e28fcea3228980cf3ab7dee93ca5e151c0b3ad1d4a2c64226d
- SHA512
  
  e3fd04269ba26072fa586a8d4c453941d8d3af7186c070f2b13483ac473571e0d9489eb5ae9dbc6a508f0f53900329ca0b5bdf9454a6a17ce6f0a95c9ffa6924
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6