qakbot | dc32ec9f491669fd0748d31c67d23448a4f1f7394a238cdb1f03664d9ef5da26

General

Target

OA-249.iso
Size

690KB
Sample

221129-sgn15adf3v
MD5

bb4a4f157b309536bf972eb1ed7b3077
SHA1

9166b6b80b7ec346777a2358721cb4b19586c1ee
SHA256

dc32ec9f491669fd0748d31c67d23448a4f1f7394a238cdb1f03664d9ef5da26
SHA512

c619f3f06796fed0739cfd6ba0aa2e7f3842fb6add9bbad1d7a9263b6ff451a23f567e2bb48d25ff3147bd2a7220f04506eda4438c322c5bfc88440e5e57bca0
SSDEEP

12288:0m1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:vMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  130B
- MD5
  
  d45de1d6abf46a16eaf2f04e0b1436df
- SHA1
  
  b970f186ce13bf1260cf1c8065fd5fa2efc5da10
- SHA256
  
  a4f87d1482948443a445ae430002bb3e21250d03f3261061c73a40f01a7f4afd
- SHA512
  
  1d728b84fc908d1e9edc9e2e504a91781bc0d4854c2c1124586bcdb2cd70275beabcb37a970599ffde6ae2b485be473dd90ac6b1d4268a815423c166ae31d219
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/impenitence.js
- Size
  
  130B
- MD5
  
  d45de1d6abf46a16eaf2f04e0b1436df
- SHA1
  
  b970f186ce13bf1260cf1c8065fd5fa2efc5da10
- SHA256
  
  a4f87d1482948443a445ae430002bb3e21250d03f3261061c73a40f01a7f4afd
- SHA512
  
  1d728b84fc908d1e9edc9e2e504a91781bc0d4854c2c1124586bcdb2cd70275beabcb37a970599ffde6ae2b485be473dd90ac6b1d4268a815423c166ae31d219
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  fix/lists.ps1
- Size
  
  378B
- MD5
  
  fafafcce585920be78cb3684595bcc6e
- SHA1
  
  3f42f4c6320ae4f38aae6c9e9f87e47ccc979bd0
- SHA256
  
  e678af2cc55046caf992f96fbee8d316134ab77132349631c0723c2f8c631f30
- SHA512
  
  1dd06abc2483d40e451c72d2dab6644c7866bd423a12e36e0aee655e73eb18693d987841cf9aea0df18a6ba74ac73664aae5667629e3cde95c1a8694a2892a8d
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6