qakbot | 125726d3f9feeed75f6d885a638d6671ca997cb1947f429d39bd332fcd35e7ce

General

Target

CT-369.iso
Size

690KB
Sample

221129-rx4wvahb85
MD5

b1f1001714450618075bd05b55697a6a
SHA1

f7dc2804a41489276779da408f3653754985e1cd
SHA256

125726d3f9feeed75f6d885a638d6671ca997cb1947f429d39bd332fcd35e7ce
SHA512

58f92bbf4f6f00d892c275660b11e555be9fc676d04b734cc4a9711a124383d742cd631508464abc177ff470370109696f99e9e387a80527a59b127c4878a8e3
SSDEEP

12288:Cm1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:5MFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  130B
- MD5
  
  300bb01962624ef0a29b6354df98792f
- SHA1
  
  4d888eaed8831943ce303a6ec6d0d6e51b7a52d0
- SHA256
  
  14126e936822764017e17ef1502ac2e1efcd7e582bc76bb3609a2339e87c048f
- SHA512
  
  7dbe1c6ad71eff362b75c44cebfc6f752b30877eb9f895b2b5c2331a6e8d42b85f4cb853745e22762b9a6ec20535394edb156f34a2138b9da27eddae9fe5372c
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/mummy.ps1
- Size
  
  375B
- MD5
  
  dbf28894fb58ea26193c70b40a51fa1b
- SHA1
  
  ee5b9086bd687d118e290072a1b35c398d919fba
- SHA256
  
  290c540176f7349262548213d2d78d6813e585d8981b0a948e8c9f2fffbd1cbc
- SHA512
  
  a4413bf676d4991bd500200168a7dcffeec5a96ae4f6608c9fbf7bec70307e7f79108d61dbe4c207712403eae35d4f44d1f06cba28e8a2c87dd6aba4e53947a6
Score

1^/10
behavioral3 behavioral4
- Target
  
  fix/onsets.js
- Size
  
  130B
- MD5
  
  300bb01962624ef0a29b6354df98792f
- SHA1
  
  4d888eaed8831943ce303a6ec6d0d6e51b7a52d0
- SHA256
  
  14126e936822764017e17ef1502ac2e1efcd7e582bc76bb3609a2339e87c048f
- SHA512
  
  7dbe1c6ad71eff362b75c44cebfc6f752b30877eb9f895b2b5c2331a6e8d42b85f4cb853745e22762b9a6ec20535394edb156f34a2138b9da27eddae9fe5372c
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6