qakbot | 124cc3d3c5991ea8a73301ce2f9f8d775bc6920db4fd51b1ea4c87ecd89edb56

General

Target

MS-360.iso
Size

690KB
Sample

221129-ypwntsed4v
MD5

e617b81764225cd226696e658b07a636
SHA1

f0400bd2aca9f9770f2185fd81aee1373a11a3ee
SHA256

124cc3d3c5991ea8a73301ce2f9f8d775bc6920db4fd51b1ea4c87ecd89edb56
SHA512

64e97d7396cb2ac7263cf15721682160c6f45142b10bc0ec74fcbc2bafb586f1717cd5e300741f9c2f0395afd9e9ea789d85d62fc2f922affb021c1e3d17863b
SSDEEP

12288:3m1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZDA:EMFEO6dHvDe0P335EXpUNSleQ2cYCGLx

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  133B
- MD5
  
  532ec28e10d35bd4fae4a524c96d661d
- SHA1
  
  714c4eea3ecd572191df7087ef3173aaa31f2bcc
- SHA256
  
  db4541821c274f53e098f5301260fe56e51da6e4e1bd2868a1134e0898f0c00a
- SHA512
  
  bac9d1365fdf38c4b5ca458c332565e5298e1d2e58b5f6d926457886c2bc770d8ecb48a2008ca459f8d7b5824bed79e91e5ce02a6f25c20f677ed1e3fa04fc14
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/annually.ps1
- Size
  
  375B
- MD5
  
  4805c032d5d49c79b0a1b3ad6804fc28
- SHA1
  
  1138e64e4e295ba987c27fbff544c8469f9d8cb1
- SHA256
  
  ac83785a297e3682699e36b2de839acc4228953cf323312d8af8a10016d517a0
- SHA512
  
  2ea3780ef0eeede995155bfe2b7741e16d75081546725964a36ff85fd95efbd2236d5aa7bb308cb520cf63afe74f8f1cf189e4bd20c21f8ec6c060d4d0982d3c
Score

1^/10
behavioral3 behavioral4
- Target
  
  fix/auspiciously.js
- Size
  
  133B
- MD5
  
  532ec28e10d35bd4fae4a524c96d661d
- SHA1
  
  714c4eea3ecd572191df7087ef3173aaa31f2bcc
- SHA256
  
  db4541821c274f53e098f5301260fe56e51da6e4e1bd2868a1134e0898f0c00a
- SHA512
  
  bac9d1365fdf38c4b5ca458c332565e5298e1d2e58b5f6d926457886c2bc770d8ecb48a2008ca459f8d7b5824bed79e91e5ce02a6f25c20f677ed1e3fa04fc14
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6