qakbot | 1d59b62092422db48a95109b96badc464461d6c0ebdc98cdf00741b4e5cf4de3

General

Target

LN12.vhd
Size

2.0MB
Sample

221206-rcnzwsgg8s
MD5

53af8719e99f66a2586b0d9e93d1f38f
SHA1

9a6d50fd5e1c5d7cfef1ea19291ddad04b9a4698
SHA256

1d59b62092422db48a95109b96badc464461d6c0ebdc98cdf00741b4e5cf4de3
SHA512

75eb574cce398113b9704b81b428e7f546ff9a7dc184dfab553a433e3b745cf413e5652968a136da9189b848e875ccfae121f661f20abd2f2c90cd6fde00a052
SSDEEP

12288:zPZPmBHmmHD/cJminEGEY7+wO/49T3/lSAH:VPmHRHr/0xH

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB09

Campaign

1670354428

C2

216.82.134.218:443

49.175.72.56:443

12.172.173.82:22

12.172.173.82:50001

190.24.45.24:995

103.144.201.62:2078

24.142.218.202:443

70.160.80.210:443

24.228.132.224:2222

117.186.222.30:993

173.18.126.3:443

75.99.125.235:2222

172.90.139.138:2222

136.232.184.134:995

123.3.240.16:995

76.100.159.250:443

66.191.69.18:995

181.118.183.44:443

31.167.254.199:995

183.82.100.110:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  DS.lnk
- Size
  
  1KB
- MD5
  
  4091d7118195b7b04cfe0e883bb8d0b8
- SHA1
  
  122d167f7f5d8ba57cb2231c1dc8954111393819
- SHA256
  
  3bdef21db3c0e1843d03a5458cc0f4c09bd9a06e2bc836ffab0731da0b49104f
- SHA512
  
  b36b8f1e5a7d8156dbcf79aecd2343a0dc3a28afcf58c9c1b92132d4d96963b04db0cf50a418007ef78e36062266827de234153d893a6c8cecb7b703acc92415
Score

10^/10

qakbot bb09 1670354428 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  sandalwood/annotates.cmd
- Size
  
  223B
- MD5
  
  9bb9812540b83f5cfd7cdf25633f0426
- SHA1
  
  f59674e34fb3851f84b83caf8d714c82ba6f11e1
- SHA256
  
  de7185b7f45cfb591af1faf2496ae7498fc971b3fa6eb4c92bd0d0ffd1cc209e
- SHA512
  
  98de0a1200d8003cc8473b0cbd83b8612f3e751aff31e743c05fc3b30b54614f4bff8282c94eee7c21bfdb5f24b4014bb19981811e49ffd0606024bac581187a
Score

1^/10
behavioral3 behavioral4
- Target
  
  sandalwood/forthcoming.tmp
- Size
  
  599KB
- MD5
  
  80a27842055378bd905a43aca1907425
- SHA1
  
  a2cde02adff4b083ec91707c24bd0503c5b62985
- SHA256
  
  c22fee368833ff4303e6b563fe540c7759f2f4ff0102f3cb8867b30d1be5dda4
- SHA512
  
  26f211fab8fdfc1606a668497e8f8d3105fcb5f3ef6755b98f0702ce6dfce355d248a65b8c4eecdfbade2db789212295fb0067ac21b6608950f8b28665c47831
- SSDEEP
  
  12288:8PZPmBHmmHD/cJminEGEY7+wO/49T3/lSAH:uPmHRHr/0xH
Score

3^/10
behavioral5 behavioral6
- Target
  
  sandalwood/mynah.cmd
- Size
  
  299B
- MD5
  
  da182f2f18108a219f8ef565e54868e6
- SHA1
  
  5db854d6814cae549ab0389fa043a7b48f5d80dc
- SHA256
  
  f861ae19db7fb3de597e5bb2fa83fc387cda06108461b805bda8025849e04fff
- SHA512
  
  f18aa570d02507604a024edce17b15cb7f1e8790d7f865a54180a224ce6bcb66eeb7df9e96a1742c9b01923858c243bc750cc2f77e3b010c02364343a1da939f
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8