qakbot | e55f78dc679c0246702846641703c48e76f292f5d8fb18696b52008ac753420c

General

Target

WI-072.iso
Size

690KB
Sample

221130-sbxq3sae75
MD5

febef2d84648d419da3ad0c1a8420269
SHA1

9e5c8255f9406521d0235853664f5b1fe48590ce
SHA256

e55f78dc679c0246702846641703c48e76f292f5d8fb18696b52008ac753420c
SHA512

3832f98e34f7de34b5236d61111209f06c483b58cde08958670e451599234d2972255e3d01d892df29d329d292e440f8f3e8286a353d42d6c6ed5ad1d4fc406b
SSDEEP

12288:Mm1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZD:nMFEO6dHvDe0P335EXpUNSleQ2cYCGLc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AS.js
- Size
  
  132B
- MD5
  
  28048969a3d56e40a9d773ba8248044b
- SHA1
  
  1dc77ffe2f01911f72b4bb53ed1ba2718fa1a460
- SHA256
  
  8e6917eda43d25d78bb4f140a689572e02152b7e0b8be6ca509fb51fed4cb9fb
- SHA512
  
  20b5979c8294431bfc7b4b5c94ac5d7a1ba33f996c808fce06a967085e625963665d83cd80c3861370be919229c47146ef85eaebe6901f1b0846295b30c194ef
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fix/slammed.ps1
- Size
  
  370B
- MD5
  
  6871e689ca34e3c6f044464916bbf359
- SHA1
  
  18afe45e38d4684e8479c3e8250a72fd09fdaf8f
- SHA256
  
  0b610f85fe3492a419ce759a83980a333b47958fe668ece7b734fb6f20a2954b
- SHA512
  
  7ae15f64d9b47f907290880325a962212b57c09a7f6c4b4b9d78ded6abdd950e5b483f2ad8000e855c7b9ef1ae1ff5fe90a2c28d4d9ab7efc0f00a97ead349de
Score

1^/10
behavioral3 behavioral4
- Target
  
  fix/terrines.js
- Size
  
  132B
- MD5
  
  28048969a3d56e40a9d773ba8248044b
- SHA1
  
  1dc77ffe2f01911f72b4bb53ed1ba2718fa1a460
- SHA256
  
  8e6917eda43d25d78bb4f140a689572e02152b7e0b8be6ca509fb51fed4cb9fb
- SHA512
  
  20b5979c8294431bfc7b4b5c94ac5d7a1ba33f996c808fce06a967085e625963665d83cd80c3861370be919229c47146ef85eaebe6901f1b0846295b30c194ef
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6