qakbot | b6791e467a88b94a403ca0a73bfbe5ede7016c526c7ce04d83bc1add3deb0686

General

Target

RX-697.iso
Size

690KB
Sample

221130-rr9vxaha49
MD5

d61a9fe845f1881efd284eaf1c1668f0
SHA1

0a8c3ee780763ebba1473d4508934ec13e23c2e7
SHA256

b6791e467a88b94a403ca0a73bfbe5ede7016c526c7ce04d83bc1add3deb0686
SHA512

978784b35e1654502bc586227f85450bd19810e030ae53699fd5a541ee04fc9d3b7c45dc862b1d834593499ccb3c51b3e5957ae64181495b035fc71b8b56eae8
SSDEEP

12288:ym1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:JMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  136B
- MD5
  
  80afc673645a4f84c6625c4bb179ec6e
- SHA1
  
  9a5591b968fbb5965c8cec44a3222e4fdd5eb691
- SHA256
  
  a6a5982619a54a95cc57eca09559c1e21fc272f27489a7f88c68d55dcf0f5267
- SHA512
  
  bf351bebe654abb6952a5b8d923b1c0850a7b188f26471d18a2a14413af37a8154f66c8831aef7d0955bad3069d49e016e5bf491b503f31947d217b11344aeb1
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/overheating.ps1
- Size
  
  375B
- MD5
  
  6ee92414be45018296d496037785a219
- SHA1
  
  eaab17171418a692f2ac4514b6bb39e42e5e2d87
- SHA256
  
  5891831e909fd426a60355b287fca4e2a26280f24a6ae16ae5e4c09ba77838c0
- SHA512
  
  dd3bb51e4861cd0593f4ad8394db8207bb2d5e46caf633790a8363ced7d3f4ad51539bf6b4b351eaebe1964e722a9942e090b249e52af214db67dd716b4af75b
Score

1^/10
behavioral3 behavioral4
- Target
  
  fix/suspended.js
- Size
  
  136B
- MD5
  
  80afc673645a4f84c6625c4bb179ec6e
- SHA1
  
  9a5591b968fbb5965c8cec44a3222e4fdd5eb691
- SHA256
  
  a6a5982619a54a95cc57eca09559c1e21fc272f27489a7f88c68d55dcf0f5267
- SHA512
  
  bf351bebe654abb6952a5b8d923b1c0850a7b188f26471d18a2a14413af37a8154f66c8831aef7d0955bad3069d49e016e5bf491b503f31947d217b11344aeb1
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6