qakbot | 955a262b9889fd6b20f3e8c5ccec98fa414070abda1656a1bc31b32acd4ece4a

General

Target

QW-034.iso
Size

690KB
Sample

221130-q8p2dsab7x
MD5

6eb14e9c80839daa6586f1ae58ee2f6b
SHA1

a6728b297e4a2bd7071cf2b86c4eae8f94e8b666
SHA256

955a262b9889fd6b20f3e8c5ccec98fa414070abda1656a1bc31b32acd4ece4a
SHA512

197fb83a32ee4145e62de4967ef85f90d24cbff476e844a1585eded547e73c838c6af5c30386527fdeed7afc0b9c646aac22fe1b2998be35b034cf0ab6d98459
SSDEEP

12288:Um1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:PMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  127B
- MD5
  
  6eaf213bc89d562cec1a50227e681dbe
- SHA1
  
  e4a652b60eb7cf8407ca76f75c9fe9372c02052a
- SHA256
  
  699f8221ec372afa2ad90aba988d0a91b9ec31a34f12575c2d19159ab5b58810
- SHA512
  
  4cb7af2a78d2e95583f86d2c637c65d4771ea51a3d4cc30ff3ed342165b95d81d658f7f5c21e43c845feb9cfb3f66ee5700f8a107d6d51b59a89eece9545c151
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/if.ps1
- Size
  
  374B
- MD5
  
  528849a1d12efbb9faa8ee144130d626
- SHA1
  
  dc40eb328bfd376c0b2cabbccc634694416befbc
- SHA256
  
  68e4e311de92ce56b1fb5d6a4b52d36fa77dd669048eeb04314f085f21266093
- SHA512
  
  8c6a0cb869d4f28ba49264fb8d001b8a5437026cfac4d3872dd11e67f1bb3fb1f34e17f317cc401ab8ba7836a20c77150e402b67ecc3fe8f178e9b93ac179383
Score

1^/10
behavioral3 behavioral4
- Target
  
  fix/probing.js
- Size
  
  127B
- MD5
  
  6eaf213bc89d562cec1a50227e681dbe
- SHA1
  
  e4a652b60eb7cf8407ca76f75c9fe9372c02052a
- SHA256
  
  699f8221ec372afa2ad90aba988d0a91b9ec31a34f12575c2d19159ab5b58810
- SHA512
  
  4cb7af2a78d2e95583f86d2c637c65d4771ea51a3d4cc30ff3ed342165b95d81d658f7f5c21e43c845feb9cfb3f66ee5700f8a107d6d51b59a89eece9545c151
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6