qakbot | 81c4dfd64db4238dab1ca85953cdcdcb83400aa94bf333ee6bec6f2c44fea034

General

Target

PF-735.iso
Size

101.2MB
Sample

221201-byjdjafh7s
MD5

9c13353d620bf04b6d76037d8dd14d5a
SHA1

b1c25212d295fbb01ad78b111343b3ab8334cec8
SHA256

81c4dfd64db4238dab1ca85953cdcdcb83400aa94bf333ee6bec6f2c44fea034
SHA512

ebcace0e5592de1734b2773c76c72e28b971d72ebeb356182a817e57b9d96fed4d071158afd0bd3a7b3e561632d148e2691c5df2500441ff4ed8c6979a4829e7
SSDEEP

24576:7IfK3N4K+aqM7mz/WdxrN81BK9pBBuWb:7r5CM7qAxCK9pBBuWb

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  BF.vbs
- Size
  
  178B
- MD5
  
  e97169d9a3f1ee48f357f745e4160aea
- SHA1
  
  4806088e1b797895329851b0a6fe0928e74f8d9c
- SHA256
  
  d838a0f1bedce3f68099bcf37f3ae293c1ef441aa46173e67d5108b1ba41fd41
- SHA512
  
  634f98139e2b6082aad5898324e167fbe161b75a2c8ae145d8bd335706ea9d81449441a556b8fe2853079b590f0abcf0d0a0f04c9b69a7469e2dbdac0cc99322
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  teased/galactic.ps1
- Size
  
  360B
- MD5
  
  0335593a781a39c3ebf1c89a2c769e83
- SHA1
  
  29a89d7f27bfdff00abe9c0656b37b78ea73ec53
- SHA256
  
  3e59dc53b3b5750e0022470f67ed45a2b87da7488b0e38f2a92b8e6d10c99da4
- SHA512
  
  c582763b0e9e7ce54be5a1ac4b4ab2e21985b34612481f8330498e214e8c575f4181b8143e809957c006df02d4ea347df52dd9f41e933ba06d15c33cd941ea91
Score

1^/10
behavioral3 behavioral4
- Target
  
  teased/unamalgamated.vbs
- Size
  
  178B
- MD5
  
  e97169d9a3f1ee48f357f745e4160aea
- SHA1
  
  4806088e1b797895329851b0a6fe0928e74f8d9c
- SHA256
  
  d838a0f1bedce3f68099bcf37f3ae293c1ef441aa46173e67d5108b1ba41fd41
- SHA512
  
  634f98139e2b6082aad5898324e167fbe161b75a2c8ae145d8bd335706ea9d81449441a556b8fe2853079b590f0abcf0d0a0f04c9b69a7469e2dbdac0cc99322
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6