qakbot | faacab70e93599e4bd87bb16be40e6aab5034e913986aa11aa6392f3c4e7af6f

General

Target

PJ-481.iso
Size

690KB
Sample

221129-y9e7ksdd36
MD5

8497ea27c241c9004dd1f8d8fbf43c56
SHA1

7e51aa6f90af005522a2ef5fff2f9b9ba2068db4
SHA256

faacab70e93599e4bd87bb16be40e6aab5034e913986aa11aa6392f3c4e7af6f
SHA512

f93767e35ae00b931016fb5d711dfea8d2f24e43f6bc908c18a8eee8559a471e0884a511654d514fe3218e46bc9a12a2e9811223df1c65d78fe0b0e774e45e8c
SSDEEP

12288:Vm1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZDA:WMFEO6dHvDe0P335EXpUNSleQ2cYCGLx

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  132B
- MD5
  
  a7ed5526d693f7ec3c6a25d2860a8448
- SHA1
  
  a7e481e4eb45adc0675023f042a600292bcb6293
- SHA256
  
  a338a607c99311a3c1e3bdf4530a419b4217599e0fcd276c02191056154c3be1
- SHA512
  
  8c5ff00a934b75f8c38cc3218e635bd42e7f3088f17daaf5ad935082ab8e3c4cc8d47bd6325d5683b074d0037da1e3ae6044043a3ae3c6aa4d7242e5e0378cbd
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/archery.ps1
- Size
  
  379B
- MD5
  
  b29c2088d8e08cdbcf8a6986f30157b7
- SHA1
  
  f8463b7e9f83c3e77234e7fe066855a752de713a
- SHA256
  
  f3624087293ba86bbb2c2f619f012a8287c1b4b0aeead16ede208fa88fbdc6f5
- SHA512
  
  039c024ab4cd0938fc18b365ff7b9e38dd40cd474d3f76ced69f1079a6d3e6335508d93a4d79ef444d59fc4036be8c1bbb93e8cf414c14ab260d1d8b2dbfd0bd
Score

1^/10
behavioral3 behavioral4
- Target
  
  fix/collapses.js
- Size
  
  132B
- MD5
  
  a7ed5526d693f7ec3c6a25d2860a8448
- SHA1
  
  a7e481e4eb45adc0675023f042a600292bcb6293
- SHA256
  
  a338a607c99311a3c1e3bdf4530a419b4217599e0fcd276c02191056154c3be1
- SHA512
  
  8c5ff00a934b75f8c38cc3218e635bd42e7f3088f17daaf5ad935082ab8e3c4cc8d47bd6325d5683b074d0037da1e3ae6044043a3ae3c6aa4d7242e5e0378cbd
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6