qakbot | ebeca21ad6403606c54544aac442824e9b836bad25bba5ccdcf255d596deac63

General

Target

HM-936.iso
Size

690KB
Sample

221130-phsh6aac32
MD5

84c1b6fa97ca5cd82b84425f9eaeb5ed
SHA1

f5bb276c4ad67ebe1558d26c05b1805b8fe57f75
SHA256

ebeca21ad6403606c54544aac442824e9b836bad25bba5ccdcf255d596deac63
SHA512

18b7199aa1da6e8957d3018864fc3467891e529e6f1c816e5d29b275e6fdabf6afcdc4a43bca38d0263f3147596f211d595e1dff0709aed807b48d4561b17a32
SSDEEP

12288:em1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:tMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  135B
- MD5
  
  5106b6825df2e009bd2ed5b4af7fc3a1
- SHA1
  
  f7532629922e52fe7405042ce0df2b084f2b62a9
- SHA256
  
  0b914e7765492e326772dfd368970458fcba65a93536f15075ab3036197cc9e0
- SHA512
  
  8d7ccf99ae513565d39531e91d95ee7086fb0dccf1b900ce915230bb6cb0a7bbe71ec50d7befc19fd7331cf56d595051ea41d8386a607f29087fdd7f81ed9246
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/jubilation.js
- Size
  
  135B
- MD5
  
  5106b6825df2e009bd2ed5b4af7fc3a1
- SHA1
  
  f7532629922e52fe7405042ce0df2b084f2b62a9
- SHA256
  
  0b914e7765492e326772dfd368970458fcba65a93536f15075ab3036197cc9e0
- SHA512
  
  8d7ccf99ae513565d39531e91d95ee7086fb0dccf1b900ce915230bb6cb0a7bbe71ec50d7befc19fd7331cf56d595051ea41d8386a607f29087fdd7f81ed9246
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  fix/liquidized.ps1
- Size
  
  372B
- MD5
  
  5a9b3edd77bb7d66766557e346b738cd
- SHA1
  
  fae10a1eaaf579740102708aad8b4e5fd6703dbf
- SHA256
  
  d367d5ff9145933c4481694e6f06e655c0f12beacde18c0c719a59f9b2688a92
- SHA512
  
  5dcef35bd73163bf08de96b3c0b7bdff3c1bed811d9a83bbe396781cb41823b11b6a8f4d12d4521bcaa7090a535d17287ea59eb498bd635cdb45c505bd565157
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6