qakbot | 501e90d690942737a5c6756efd9553e8c553455681a448a12483e6227073aa9d

General

Target

TY-756.zip
Size

384KB
Sample

221129-gva6mscd35
MD5

1da5f7cdaf51648ca6370a7c3be4788d
SHA1

a353510b2a43264a276361b68622be896f95f5af
SHA256

501e90d690942737a5c6756efd9553e8c553455681a448a12483e6227073aa9d
SHA512

cacd55040aea88a96cbbc81e6ff65c67296ec1faadbe131a28e95cda86f1e2526f6a1cf1a5bab270c03ca15c24f66561c59d93646f7b947fad8a46d33eed065c
SSDEEP

12288:7g1pbBmMnMGYUlSmqkR2lB6qcdWfe3+PvenASI5Le6M:49MGp7qpBEffArM

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  138B
- MD5
  
  eea6049b9b99e426d7cec90efad09b2a
- SHA1
  
  7431fd7b9ceff2ca3ccd6d57c4ddbd6072d97788
- SHA256
  
  a1abe2c6dbccaaa6a04fbbc903043d2e2bb14e1534204ccbaf6b059ee754a2b0
- SHA512
  
  2002bc44d80d8c38e6fd1cd6daeb550a0ebe502163cab58648473f68e30e2a976c5e12948fd7da074b01999f6c3aa463b9088e29d63a631c2ce4fd790b9c4208
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/unwatermarked.ps1
- Size
  
  369B
- MD5
  
  ee1dae7f9bc8d29ac9de9c0482413600
- SHA1
  
  b8228275bd599badebaf9206f0328b2439f8599c
- SHA256
  
  056deb6e3f5de68f9ae2b1ed11f7d3d398a3488387294937bebcb0f8f847b5c9
- SHA512
  
  de24d1a6c95206d71ef0d75b1ea2f202b97ac168170809eab298be028c61374a989809e5ac0c6da84a3edd989a8dd166c21ac230e5c073e94181022886534b93
Score

1^/10
behavioral3 behavioral4
- Target
  
  fix/veronica.js
- Size
  
  138B
- MD5
  
  eea6049b9b99e426d7cec90efad09b2a
- SHA1
  
  7431fd7b9ceff2ca3ccd6d57c4ddbd6072d97788
- SHA256
  
  a1abe2c6dbccaaa6a04fbbc903043d2e2bb14e1534204ccbaf6b059ee754a2b0
- SHA512
  
  2002bc44d80d8c38e6fd1cd6daeb550a0ebe502163cab58648473f68e30e2a976c5e12948fd7da074b01999f6c3aa463b9088e29d63a631c2ce4fd790b9c4208
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6