qakbot | e8d3a989dd5bc39bc775c3f1d2be74487e8dbf7333189eab69fa53b0931988a9

General

Target

BL-456.iso
Size

690KB
Sample

221129-tv4t6see54
MD5

ac61ece8ed54cdac81a931072b0369ac
SHA1

7b4a977f3220faf27f0b2cc51aa61c5ad2fd6597
SHA256

e8d3a989dd5bc39bc775c3f1d2be74487e8dbf7333189eab69fa53b0931988a9
SHA512

9c203e29ba67be5a41b8fba24cd519a8dcf2dc0d39c91edb11fbb3a81b116c7b070997e6d26b75a5cfa0cbd5a5e815422076efd616eaa47d5aa519650a600e4d
SSDEEP

12288:im1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:ZMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  136B
- MD5
  
  a0fce6a73985e5e383037250a52684bc
- SHA1
  
  94b19b04e4a1d878a92a366601750a38a11b88b8
- SHA256
  
  3a11f938f6e4b11f19f4c2242245bcc28ebb0cab197520e0e91f137c9dab71d3
- SHA512
  
  861e3919da7db8f1b9f5a5889ee819e05db0d3c79c41cda874fbb8eb3e69de76bf43e5242526e6417113b91f99afc96e5cdfec48e2147b1d468ed34a1d6ce1a7
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/pretensions.ps1
- Size
  
  374B
- MD5
  
  6f6fe255da507e428e33ab07640c0d2d
- SHA1
  
  13071243a33a210f1a369e338cfc4af035d4722c
- SHA256
  
  6702d98c1e67a5eae3c1a29646286d327529fef82efc7864ae646bb4bef87262
- SHA512
  
  7fc02bd2071fdea7b1519035fa3f3b8a251d641a2539400efded8439e953871a178444e7890b1e6ca901d10372859c787fbb567efd65e8d39c8aba6089c4cf8e
Score

1^/10
behavioral3 behavioral4
- Target
  
  fix/unforseen.js
- Size
  
  136B
- MD5
  
  a0fce6a73985e5e383037250a52684bc
- SHA1
  
  94b19b04e4a1d878a92a366601750a38a11b88b8
- SHA256
  
  3a11f938f6e4b11f19f4c2242245bcc28ebb0cab197520e0e91f137c9dab71d3
- SHA512
  
  861e3919da7db8f1b9f5a5889ee819e05db0d3c79c41cda874fbb8eb3e69de76bf43e5242526e6417113b91f99afc96e5cdfec48e2147b1d468ed34a1d6ce1a7
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6