qakbot | ff15b7ab8f909775961c1d3cacf21e4aea1981c1e1830cf38bfd2822e8328876

General

Target

ER-986.iso
Size

690KB
Sample

221129-zs1ydsag2t
MD5

10580b2ad5e6eaa094bd090d2dedabd8
SHA1

5a3ab648773ea506364bbc04c2ca7b683bd5b1e3
SHA256

ff15b7ab8f909775961c1d3cacf21e4aea1981c1e1830cf38bfd2822e8328876
SHA512

0219433060646935c894f263a6d0e91b95de59aafae83984f6aab61c0389b8701bbd85f89d30bf5cf622875efc0eb37672ce86b639f44867ffdaf8554b2fc85f
SSDEEP

12288:Ym1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:bMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  131B
- MD5
  
  173bac7422b091276ff2c147cca1ff57
- SHA1
  
  cf25a618c0cc4f57b3139973741d1879d7303306
- SHA256
  
  8b75440ac99b2fe294376684d48a86382bf17dbb8f17da86a330fc5690411573
- SHA512
  
  ef7f977f8c3be4d77c8fdb216f9a98d41ffc14153d88dde8a3a926c7619f150ec4a9ca36029c7be75931aa14992aea31d9b56bdfea848814e571198cfd8625f3
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/illumine.js
- Size
  
  131B
- MD5
  
  173bac7422b091276ff2c147cca1ff57
- SHA1
  
  cf25a618c0cc4f57b3139973741d1879d7303306
- SHA256
  
  8b75440ac99b2fe294376684d48a86382bf17dbb8f17da86a330fc5690411573
- SHA512
  
  ef7f977f8c3be4d77c8fdb216f9a98d41ffc14153d88dde8a3a926c7619f150ec4a9ca36029c7be75931aa14992aea31d9b56bdfea848814e571198cfd8625f3
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  fix/mildew.ps1
- Size
  
  381B
- MD5
  
  6c444a534181e1daae10ca86a6840e1c
- SHA1
  
  cd7c20f9abd78ee007ad214ac76fea236a551bc2
- SHA256
  
  e103f6bcd04cde81b8f42e54e15c43d324eb27928f1aeee3e60fcdece554e753
- SHA512
  
  3be7b2ecb8b74ea98de57215de9ca6a63ca8076b115e6c4af26b6f86980edd5adc0d1965592421de11efac34bf953b64bf95878b93e42b3318a03810ae66157b
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6