qakbot | cf75b059308d3a190d33d02834c254c6c8bccc4013decf103ba58d045eafc978

General

Target

RG-608.iso
Size

690KB
Sample

221129-tbkbesda84
MD5

6e8287591fe8a8961a9f65aa8b25b0ab
SHA1

a4dc3bcbc85b89a77d87a45575da04e278b4b7f5
SHA256

cf75b059308d3a190d33d02834c254c6c8bccc4013decf103ba58d045eafc978
SHA512

06fdbe0a63b44f258e098400a73dc0295dac45ad56e48100e8951086fc0a5963d29206cfec8a3caf85bdc6f9c92b7bfee57e7c5ca1ff7272fa55d3aa39a67619
SSDEEP

12288:+m1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:NMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  134B
- MD5
  
  fff4d5e76a8b38f4757921fce01517b5
- SHA1
  
  a820c1bf5f012a1e6605655493922fa9e35c8aa1
- SHA256
  
  ff13185e7882065099507f8277dc56a81abae8b794ff4fa4a2b20da545a93060
- SHA512
  
  dd8711e675a50ace49cb0b59da4bbf210b83124bf9bc3970f887decffc2f183571746f0b6ea9974baa884d575dfb5e7736ebed9f8778fc1fba21b52abaa2ad5e
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/moccasins.ps1
- Size
  
  372B
- MD5
  
  2d5dbd94e07d7e8ca003977989c61e56
- SHA1
  
  0ab5782a444e94133f58a42b067b71c70b7d504b
- SHA256
  
  f50a9816c39b9853a0177256772ac650fc9890767a945426b9fa72a6cd900ee7
- SHA512
  
  13c75eaade88cc17d77e57dbb1ff41c16ab2bb15f3bc3fb03e604f739eb89d86df7af425aa19715419523790a1f756152629860a6106d6e24371b4ea2c329b56
Score

1^/10
behavioral3 behavioral4
- Target
  
  fix/ovation.js
- Size
  
  134B
- MD5
  
  fff4d5e76a8b38f4757921fce01517b5
- SHA1
  
  a820c1bf5f012a1e6605655493922fa9e35c8aa1
- SHA256
  
  ff13185e7882065099507f8277dc56a81abae8b794ff4fa4a2b20da545a93060
- SHA512
  
  dd8711e675a50ace49cb0b59da4bbf210b83124bf9bc3970f887decffc2f183571746f0b6ea9974baa884d575dfb5e7736ebed9f8778fc1fba21b52abaa2ad5e
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6