qakbot | 5d6be971e3d4577fe20d34c5d71962e7100a48830581cc364c505a2ac1fb4e1d

General

Target

5d6be971e3d4577fe20d34c5d71962e7100a48830581cc364c505a2ac1fb4e1d
Size

503KB
Sample

221205-tg1klahc81
MD5

6d51a588f30e4a5daacb40b1d1ccc7e5
SHA1

9c3046985ffa9f44a86c20f71e62e25bbd933ebd
SHA256

5d6be971e3d4577fe20d34c5d71962e7100a48830581cc364c505a2ac1fb4e1d
SHA512

b18484aee7b66f105349dadfda7bdf7f18f515525efa70ccaa4f87a4058eb715636840ed6b12df7e5a447ec0ed347eec3de778a163fedcc923375aac6fc7b4b0
SSDEEP

12288:eri/raaL9aCDE/vTvWtWZc9bi4aQMo/hWepfL29AERNO:eibL9VDETdCZtpiK

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB09

Campaign

1670238005

C2

76.100.159.250:443

66.191.69.18:995

186.64.67.9:443

50.90.249.161:443

109.150.179.158:2222

92.149.205.238:2222

86.165.15.180:2222

41.44.19.36:995

78.17.157.5:443

173.18.126.3:443

75.99.125.235:2222

172.90.139.138:2222

27.99.45.237:2222

91.68.227.219:443

12.172.173.82:993

103.144.201.62:2078

12.172.173.82:990

173.239.94.212:443

91.169.12.198:32100

24.64.114.59:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  HG.lnk
- Size
  
  1KB
- MD5
  
  1c4e8962506f453877c1f769f7ae57f9
- SHA1
  
  b35a44659773f50eb391c220042136f2b2a81f93
- SHA256
  
  4c41cde5eb0dc1599c1fefe50329f4268eb1e01e092adc52f8a508578fdc7851
- SHA512
  
  90f1e9fd247d0e1a06bcea03e3af2e152e353e977d17555e3e88a905b90748012e990ab00e9467b128d2d88ce8faa69055727e8935091687ce18dd462a85526a
Score

10^/10

qakbot bb09 1670238005 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2