qakbot | ed9eb8eb848722a97589d9b849942323c5765b1683dd5da8e7e5d371857bab3f

General

Target

FT-745.iso
Size

690KB
Sample

221129-x58snahd39
MD5

bf8cf101895a33107b15b12e302d9ac5
SHA1

e9b06425079cce7b9bf41f78db9b1b20d1599a45
SHA256

ed9eb8eb848722a97589d9b849942323c5765b1683dd5da8e7e5d371857bab3f
SHA512

8311999ebc8eb9330025148b6f060a0aa2b3b09363456534bd6ad6c0b6717240201728076dc5f4419d4b7f654e3764f077f16bfe1a86dd24d855c19e85909333
SSDEEP

12288:4m1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:7MFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  135B
- MD5
  
  ec073445922ae277e99c34cb42a56246
- SHA1
  
  8d8afce26adec5c115eb7e1c135909bd781cd06b
- SHA256
  
  dcfceeb23d3bddb384b1d18a0802b369ac1f6e5fda413b091620a5e177007480
- SHA512
  
  388527b797babd2e4a02e9b6a9642e41fb5ce8fe7c59630145c96e23037ca94beaa7a5466e66e8025e4050ec10013f3c5ae3b0ca9fa0ef93eba8576548a9f0d2
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/compulsory.ps1
- Size
  
  367B
- MD5
  
  238a779439fe3ff99e02994b7ef9e0cd
- SHA1
  
  4908b263ba671ea2bed443199f8a6fbeafe30257
- SHA256
  
  e5c003b13120d97c6a3d2b26442168e57a511a0c6ee5e924fba8aa1ff8135a01
- SHA512
  
  c959fe3d3461210cdb296c220b81fbea6846a40844daf68dd670173928deac695efecce533c93ef9eb59d63f80e9c6d7e95b5d37899d330fcf4beeea70d1cd61
Score

1^/10
behavioral3 behavioral4
- Target
  
  fix/losses.js
- Size
  
  135B
- MD5
  
  ec073445922ae277e99c34cb42a56246
- SHA1
  
  8d8afce26adec5c115eb7e1c135909bd781cd06b
- SHA256
  
  dcfceeb23d3bddb384b1d18a0802b369ac1f6e5fda413b091620a5e177007480
- SHA512
  
  388527b797babd2e4a02e9b6a9642e41fb5ce8fe7c59630145c96e23037ca94beaa7a5466e66e8025e4050ec10013f3c5ae3b0ca9fa0ef93eba8576548a9f0d2
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6