qakbot | 3062280fe348069065ad95f3c4667935ea916f39f8e482cc9b274d29c2377407

General

Target

VR-273.iso
Size

690KB
Sample

221130-llf3rabh4z
MD5

bb17d0154d93e5e55f6ac0610d463c71
SHA1

4684d0709fb7ee3a679b75054877f1b859c08169
SHA256

3062280fe348069065ad95f3c4667935ea916f39f8e482cc9b274d29c2377407
SHA512

6fa7e10aacbc11c672a5035da7cb25189cc0df1d9cde39c0257e401747e185d988f128290504b19e61c49c8832e2bce7144a55598e876fe2255a46772acf7eaa
SSDEEP

12288:Im1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:rMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  130B
- MD5
  
  07bea373c9154e9d1e952284573d78f2
- SHA1
  
  c3a5772930125410b68d9cea820a5c0b3ac6d266
- SHA256
  
  8d8618f5a460543cbefc214f1a63c63eccae9759096751f546c00ebf20f7be37
- SHA512
  
  7e7b8b651adf185b34366ef0be05608f49d5239a87dfe52bb1f6195820900f1d258f96b58db027dfa4aef9cfc95357433f6414808b47ad3816be825973fc28f5
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/resetting.js
- Size
  
  130B
- MD5
  
  07bea373c9154e9d1e952284573d78f2
- SHA1
  
  c3a5772930125410b68d9cea820a5c0b3ac6d266
- SHA256
  
  8d8618f5a460543cbefc214f1a63c63eccae9759096751f546c00ebf20f7be37
- SHA512
  
  7e7b8b651adf185b34366ef0be05608f49d5239a87dfe52bb1f6195820900f1d258f96b58db027dfa4aef9cfc95357433f6414808b47ad3816be825973fc28f5
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  fix/scaly.ps1
- Size
  
  375B
- MD5
  
  a3fde8e47ad557b120a7e89e46513d9b
- SHA1
  
  d222886e0e33b03b8ae84ccc4e9b33549bbde80f
- SHA256
  
  a895f778c2119af6eb5c8b209d63637db2cd80a40848c773fdb413683f96e9e8
- SHA512
  
  3be76c1f1bff8e9e0b6b029c4e0f515df7db7f494635f9706b173e867112fb94df11d27d790d84772533e70d7384fa30fbef57a7f1da2b1fe6d1a8008951ac36
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6