qakbot | 60ec6016e755fe7939b9707e0a41bc1c7c12e9279ca34331057269c9e73be381

General

Target

DA-376.iso
Size

690KB
Sample

221129-n14tgaac2s
MD5

d09db658b50b5618e8b875a8f1043600
SHA1

3fb4fedf5e42fc03e4df35b1435f81de9077c597
SHA256

60ec6016e755fe7939b9707e0a41bc1c7c12e9279ca34331057269c9e73be381
SHA512

6cd7b51e3a56c979742cecebb5d737e0191418afd2521e2eef589895820f85cf20c4eca8656ab9e77c310de95ccfb547406418994bd7a33bf458e68b3d02017b
SSDEEP

12288:8m1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:3MFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  129B
- MD5
  
  815f217a8b2b8d7eef95542d11c1fef0
- SHA1
  
  0c84e7f4bccfd12b5fc2c24d57369c7c50a73173
- SHA256
  
  198afd6cd021f7b4a77102147ec9074af39bad496cc8ef099ad799ad8483b9a1
- SHA512
  
  a87010168f7433bacc91aeb49f8b53487da7412562808323b4bc5ff502a6174761585bce6da48b9a038362883188c25a3c05e6aca8701374b6f26c177137c425
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/cowl.ps1
- Size
  
  372B
- MD5
  
  a4c8c036554ea25d5ac87e0a29c5ef26
- SHA1
  
  f18c585985f8968cfb69bcb2b3143918ea542b6d
- SHA256
  
  5d9fb9c3365714b149cec1a109162e04c78d0b818e95341df296663c225eff5f
- SHA512
  
  7c0c7b44c8d509330302bf77d22a7c7e0d4f9de9ae3b8c6a3bc72153cd95c7ee658da6c49e897976bd4b43623d0dbe770df52526abb7bc85f81effc39fe4ba3d
Score

1^/10
behavioral3 behavioral4
- Target
  
  fix/fasteners.js
- Size
  
  129B
- MD5
  
  815f217a8b2b8d7eef95542d11c1fef0
- SHA1
  
  0c84e7f4bccfd12b5fc2c24d57369c7c50a73173
- SHA256
  
  198afd6cd021f7b4a77102147ec9074af39bad496cc8ef099ad799ad8483b9a1
- SHA512
  
  a87010168f7433bacc91aeb49f8b53487da7412562808323b4bc5ff502a6174761585bce6da48b9a038362883188c25a3c05e6aca8701374b6f26c177137c425
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6