qakbot | 8f974baab53f9cdf8ac1b5ab044d237aff6792384f086b02bd2437fa4d8d3326

General

Target

CF-756.iso
Size

690KB
Sample

221129-venzfsgc44
MD5

eaf46543bdb621192f58c86b3cfa26b5
SHA1

525fb4dc1891c075de23333042eb4e1c72769b3c
SHA256

8f974baab53f9cdf8ac1b5ab044d237aff6792384f086b02bd2437fa4d8d3326
SHA512

a7eee76400c022ac0d0e31f4d0700061249b6110c9e7443a171e4bf7f2f2ed70100f2acdd74038714600706d74d7cb8bda398d76e4118559a520ee9b0d400d4f
SSDEEP

12288:Gm1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:1MFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  135B
- MD5
  
  7a3b0b89b6ef17327d9d60df0d620e47
- SHA1
  
  c42a57950846b4750dfe7920cfb5eec1b30e46f7
- SHA256
  
  9fbb7440780ceef5e79644d21237461c166605a6588043e69923cb420e0b6d42
- SHA512
  
  31c172c42026e6f05102094d4c6d1fb5a2f2082e8e470e665029150e6163e42bcad02b4995d2cf506d369b94380d06cd70e40e94b5f7fd2e45184bbcfae7b7c4
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/inimicable.ps1
- Size
  
  375B
- MD5
  
  19df978eea48893f7660a7780d758c76
- SHA1
  
  df345ac42ef270fe4da4c5220e377e26999624d4
- SHA256
  
  be00e2c2865435f34a4163b68a12c9caa24489304a77e356971ae39d566f0a3b
- SHA512
  
  b892c8bcf8355cc837123664a085877db643aa8321d58fb2b5445326246ca1815cb2b36d565cf62a9b4d618f023f7ec012486b8d5de09add2eda2695fbe876db
Score

1^/10
behavioral3 behavioral4
- Target
  
  fix/tributarily.js
- Size
  
  135B
- MD5
  
  7a3b0b89b6ef17327d9d60df0d620e47
- SHA1
  
  c42a57950846b4750dfe7920cfb5eec1b30e46f7
- SHA256
  
  9fbb7440780ceef5e79644d21237461c166605a6588043e69923cb420e0b6d42
- SHA512
  
  31c172c42026e6f05102094d4c6d1fb5a2f2082e8e470e665029150e6163e42bcad02b4995d2cf506d369b94380d06cd70e40e94b5f7fd2e45184bbcfae7b7c4
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6