qakbot | 2f49265797c7b7452ff754a178995629fbbe1a371873f505dae15ccfe218b170

General

Target

WR-679.iso
Size

101.2MB
Sample

221130-v4htqsba39
MD5

4da3e2d9b1ba57546d05b51e52eace47
SHA1

e5ca6a04754c9fd40f7097b011aa70f4b2da5780
SHA256

2f49265797c7b7452ff754a178995629fbbe1a371873f505dae15ccfe218b170
SHA512

6b4e9de197dbd7b1467cc83abdb881e02db46befc539339a7e0596c1d701b906782831d57e11fef168ef8a28439fc4b062651343447d7baa73274237dd354cda
SSDEEP

24576:GIfK3N4K+aqMjmz/WdxrN81BW9pBBuWb:Gr5CMjqAxCW9pBBuWb

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  BF.vbs
- Size
  
  179B
- MD5
  
  d8ab48bc5170122c8acb023c638a66c8
- SHA1
  
  2a30177c521710a139b57216415cecb85efb2e58
- SHA256
  
  d2f7c74338d0e10042aeeec59f209762bbd131cbdb284ff731d0384de2a1ac7c
- SHA512
  
  ef9ce632e556acbcf56617ec623df80a2276a679fd8a7cbb294eb3eae93524772dcdfe4ca0860a9c7d62b41e45353454e2e95ddd0c3c92bbe54ba1d7e966122c
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  teased/brisk.vbs
- Size
  
  179B
- MD5
  
  d8ab48bc5170122c8acb023c638a66c8
- SHA1
  
  2a30177c521710a139b57216415cecb85efb2e58
- SHA256
  
  d2f7c74338d0e10042aeeec59f209762bbd131cbdb284ff731d0384de2a1ac7c
- SHA512
  
  ef9ce632e556acbcf56617ec623df80a2276a679fd8a7cbb294eb3eae93524772dcdfe4ca0860a9c7d62b41e45353454e2e95ddd0c3c92bbe54ba1d7e966122c
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  teased/streetcar.ps1
- Size
  
  360B
- MD5
  
  8b1705dace1204fca00b08d30c674986
- SHA1
  
  c2671acb6149ea7525fa1360d167aabd249671d7
- SHA256
  
  af90b3709a27e3f1600cf587fcf839c7a01ccd970c4ede68d0ae5dab493f49fa
- SHA512
  
  4503e5675c53aaa32559e1ceac3f9ee7be17a020ffdff2ef54f699db3ba5334ee20406060bf4082be3df399b6f0470d7db6e4049fa896e5b590b587f540b5442
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6