qakbot | f2ea340a6eaa561e9fa571b190944ba053012f400c0bd82af7ce3d20507e2e2a

General

Target

NV-508.iso
Size

690KB
Sample

221129-vy4t1sab38
MD5

7826b2203e3e98a13f4ed06d0ca39ee4
SHA1

3b17ee803e75a02334459abb9b1176a004af8f3c
SHA256

f2ea340a6eaa561e9fa571b190944ba053012f400c0bd82af7ce3d20507e2e2a
SHA512

a63220989f98b2287577f1cd5eea39e39342fcb84868932a380f63df0ba5ecb967f3f07414e89fc2abf162b4cf6f595922cb3e695fb39b3e9445fe0ab04dc07f
SSDEEP

12288:Um1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZDA:PMFEO6dHvDe0P335EXpUNSleQ2cYCGLx

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  132B
- MD5
  
  442247b350fdf14d8d5b14723769fddb
- SHA1
  
  1c8336b65a320618fb863f3d8c3c9322cce0d0cf
- SHA256
  
  17c790ef2945243bcda274f5a2f117efab6faf94fb394fc4fc97e79be0685dda
- SHA512
  
  2d121c048c41aee30af107dcf7cb4fff77a2e54707b042339ea349b1fe00a8402fc18d52d5557d89840d04db92ee9681f344ebbe19d96b1489efff7e0f4b93c6
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/bluffer.ps1
- Size
  
  371B
- MD5
  
  125800de40408e58ec84a8605554e7b0
- SHA1
  
  8bd9500db14f4c9f1f4b77ed1b295f63b5ff28ec
- SHA256
  
  73525b8463cea42ff3f528e718644d79b92c614976ef4d46d8a84b333c35eba7
- SHA512
  
  5c9e34964d406995e714ae234f06e44b7a69fdc044cd9b20d396aa29af6ad792cedfa4f564babd28b4a191cd54dc5f054526b01f010ebf9249038dda67238b1e
Score

1^/10
behavioral3 behavioral4
- Target
  
  fix/consumed.js
- Size
  
  132B
- MD5
  
  442247b350fdf14d8d5b14723769fddb
- SHA1
  
  1c8336b65a320618fb863f3d8c3c9322cce0d0cf
- SHA256
  
  17c790ef2945243bcda274f5a2f117efab6faf94fb394fc4fc97e79be0685dda
- SHA512
  
  2d121c048c41aee30af107dcf7cb4fff77a2e54707b042339ea349b1fe00a8402fc18d52d5557d89840d04db92ee9681f344ebbe19d96b1489efff7e0f4b93c6
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6