qakbot | 104ae3eb7e0e6e08ec0b834103322935976a65f1d065e3a7ce122a393dafcd0d

General

Target

JR-781.iso
Size

690KB
Sample

221130-ab54caea5z
MD5

abd0dc635ee8bbb283299b4c32a1d06e
SHA1

94a023dd1ee74ac924ed2c183f68303d28eb6b00
SHA256

104ae3eb7e0e6e08ec0b834103322935976a65f1d065e3a7ce122a393dafcd0d
SHA512

e16648e1b2c77aac3d49316465c3d756c89dcc2a6270c03e2473af67fe3f6ef3305554914c3e5f77ff8d5681ebfa5f8c9e078e698db54461b4a3958e7273240e
SSDEEP

12288:tm1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:uMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  130B
- MD5
  
  1d522384637bfc1f95fa5d708774a529
- SHA1
  
  e32b2f88c5857717bca1d1f3b5d6a4ae4b17cc5c
- SHA256
  
  2ea446f537cd57855ec91de795008149a1b985ec198267da629fe7634e61bc51
- SHA512
  
  5e675f4a7db4017c9f05a89d58b74f1e1b9ae9918945986a90c3d396cf8fe7deeb90b27292d590ec2b33bc79ee73c094bbee68aacc44dbec116b0f6ea4ab9802
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/dunes.ps1
- Size
  
  383B
- MD5
  
  8040cf22240eb5eda9f098f4a182868d
- SHA1
  
  ba951d89cfd431d5c9f8e09fc2762b499c94973b
- SHA256
  
  40fa1a2c8f89b2c13efdff91e73968220c1c3fff42b96cecb4e75bf920c4be6e
- SHA512
  
  e65adca0f4977208eda3b3ab100699faa3a3968d3cb1f5901f04a67f7b8a19ae16fb71e33f6ec4037fae2194377c5488d2e2c5b57783545c71176a69ffc7197c
Score

1^/10
behavioral3 behavioral4
- Target
  
  fix/poe.js
- Size
  
  130B
- MD5
  
  1d522384637bfc1f95fa5d708774a529
- SHA1
  
  e32b2f88c5857717bca1d1f3b5d6a4ae4b17cc5c
- SHA256
  
  2ea446f537cd57855ec91de795008149a1b985ec198267da629fe7634e61bc51
- SHA512
  
  5e675f4a7db4017c9f05a89d58b74f1e1b9ae9918945986a90c3d396cf8fe7deeb90b27292d590ec2b33bc79ee73c094bbee68aacc44dbec116b0f6ea4ab9802
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6