qakbot | 3d20de603c065973a83aef8353ae99f3e5af0c128418541551171b705568b697

General

Target

VR-345.iso
Size

690KB
Sample

221129-jvv7xsdg3y
MD5

caa97798b33def4463f5fb817a00f42e
SHA1

9fde90e2169cf4b9785911c095914622faeaa562
SHA256

3d20de603c065973a83aef8353ae99f3e5af0c128418541551171b705568b697
SHA512

0ef3ba56ba3856a93948c21c70a72cf16d2ebdcf7d0c74dee2b487519fe972fc018c35560d73ad37bd1706528b12fbe6b526fe68399914fc0fd6005cdbd1626b
SSDEEP

12288:Um1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:PMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  134B
- MD5
  
  f5df4fc70aacc91651614a3c84620713
- SHA1
  
  419557658e84af24f780a437d4d8715e825c7740
- SHA256
  
  a6836e529e130ed66c0b0a81891351368feb5aad4592533c95e2ca6b6e7389e2
- SHA512
  
  df54155f5c966243267de82c0ea04cb9ce6fe5d2905288a4d3a2ce7751e75bd63ee57ddd720c5f9afc01a29a6d7f3721b0b6edddd3715abcc6da4fe23c6f9e45
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/cloaks.js
- Size
  
  134B
- MD5
  
  f5df4fc70aacc91651614a3c84620713
- SHA1
  
  419557658e84af24f780a437d4d8715e825c7740
- SHA256
  
  a6836e529e130ed66c0b0a81891351368feb5aad4592533c95e2ca6b6e7389e2
- SHA512
  
  df54155f5c966243267de82c0ea04cb9ce6fe5d2905288a4d3a2ce7751e75bd63ee57ddd720c5f9afc01a29a6d7f3721b0b6edddd3715abcc6da4fe23c6f9e45
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  fix/dominical.ps1
- Size
  
  373B
- MD5
  
  e59e3c8fa1e1db3094a3897a7f3cc6ae
- SHA1
  
  6b6f5d60edcdf9c0f6275aa91b0bcd9a38021bd2
- SHA256
  
  bfc9f3bb15b821b1f4a1bf78a226689be9dd2ebb44a40faae733272db70cbbc6
- SHA512
  
  dfcd2affb54e2ac6b1fb66c3b5975b6ff32b7be42e23b1ebc4b028b1dd1fcc4beaeea3be9e9725a2843bce2b17a5f6b5d683c4f601b48cc94ea29ea5219073eb
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6