qakbot | b2c1a42235871224b3afb06b931a4aa6a0d074c0953a1469bc6358cedcf75d3a

General

Target

b2c1a42235871224b3afb06b931a4aa6a0d074c0953a1469bc6358cedcf75d3a.vhd
Size

2.0MB
Sample

221205-z2lj3abc8x
MD5

fd765e768b7703d955ca8073a4b82030
SHA1

eedd6f668348f718ed2ccd8863d973ac6ce51f59
SHA256

b2c1a42235871224b3afb06b931a4aa6a0d074c0953a1469bc6358cedcf75d3a
SHA512

7ecee45612b04abaf619829ee4bb0e108752ea07ed84989fd751f92752e6324faf9a15b46d7985b661d84d3a9763d558136e4a32c3fdd25798d322bc432dbacb
SSDEEP

12288:L+hfiNzqkalTfvvHWiYj7amQZGTcpC20ZsGOIBrupfJ:L+hnXWi+2pZG4UP6nIBrUJ

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669902931

C2

71.46.234.171:443

50.68.204.71:443

186.28.89.170:995

50.68.204.71:993

62.31.130.138:465

152.170.17.136:443

108.162.6.34:995

24.142.218.202:443

67.61.71.201:443

65.95.85.172:2222

50.232.21.70:995

76.184.95.190:993

47.16.69.220:2222

178.169.196.115:443

184.64.44.21:443

12.172.173.82:22

77.126.81.208:443

38.69.136.177:995

174.104.184.149:443

173.18.126.3:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  CX.lnk
- Size
  
  1KB
- MD5
  
  2cf243993914e5e59bb3f2336a1cec7e
- SHA1
  
  7985e21c3d6426b9aa6943a5849a0c6b69bfe1ed
- SHA256
  
  3b718372bc32b024b122a866999b4a6b3e67a0efe57803417700828203f2f78a
- SHA512
  
  0d14ba36241244a0eb70dc52621f445f39450dec88bb4f148675e2b7b2db2870bd1ea00fe1af6fae53f6a03293fb327dbae47dc0cba58f8a906470d054398116
Score

10^/10

qakbot bb08 1669902931 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  glasses/astrophysics.tmp
- Size
  
  599KB
- MD5
  
  8016278a2154ddd50fa719a15d93f166
- SHA1
  
  af6b2dddaf6192ee547c783a58dc6ce49317a54d
- SHA256
  
  22c550ddaee6ffdc3b4ab09bcc64461d444312958cd14f05178b2124de18ffa4
- SHA512
  
  7bf75b38b29a685be4fbce0700e9a22f273911eb71400de028bbf3e9e2e586c992b168bb752562b19e7373f672e31d7a42fb1735fb2ef7b02951c1f18f642faf
- SSDEEP
  
  12288:W+hfiNzqkalTfvvHWiYj7amQZGTcpC20ZsGOIBrupfJ:W+hnXWi+2pZG4UP6nIBrUJ
Score

1^/10
behavioral3 behavioral4
- Target
  
  glasses/caitiff.cmd
- Size
  
  230B
- MD5
  
  f656106936e1f45ae054b6d4dd029219
- SHA1
  
  0e2e4d706e383dec6a2ed3ae08b8caf6a4b4f061
- SHA256
  
  c29ab47a71c297c0cd9297ca77f494451134c89b8056965e3a99d2a5550103ea
- SHA512
  
  5b0817224afda6a35f75a4c8513676c23e7e3dbb455fc8089eeb10a717f8b701d2840da91b5656d3fa1a364784eff4ebc5907e51fec1b0047e8e7d91b165b1b0
Score

1^/10
behavioral5 behavioral6
- Target
  
  glasses/certificated.cmd
- Size
  
  297B
- MD5
  
  a5d2f0ccad9c55ccc8fb24379a5c2cc8
- SHA1
  
  c5acbaca2dc86b0779a64dd94fd83ec8d612b45d
- SHA256
  
  51c5b2aad08d5283ef553c4773ae9b8d26eb30ce8e6b59d7c13003f57ce7ae68
- SHA512
  
  01f4906bc9a1fd70333052370860828f631b1d05ad58b2815dea24363df90f2d2fbb6c285fba6f5890b5830f239291b0e32db5b99b8c839d4872a0f7fbc1cdce
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8