qakbot | 1204c2bc02431a696c9d452daf3b77672f9001b6ef7abea6c5384d8091a545e9

General

Target

lol99.vhd
Size

2.0MB
Sample

221207-f2m84sbf2x
MD5

7753a1591679311c2bffa8e0888cf39a
SHA1

63d479d20fa7364a5eb4036576d18f36aea184b9
SHA256

1204c2bc02431a696c9d452daf3b77672f9001b6ef7abea6c5384d8091a545e9
SHA512

297795210d33e57067e2220a5eea5e164cffafeffe10af67f48312382aa2016e64cb18c54e9cfd92ef71a75370dbd0c65f2e7ec1c8ba875e72c61b346f888218
SSDEEP

12288:aOwOx+hfiNzqkalTfvvHWiYj7amQZGTcpy20ZsGOIBrupfJ:j+hnXWi+2pZG40P6nIBrUJ

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669902931

C2

71.46.234.171:443

50.68.204.71:443

186.28.89.170:995

50.68.204.71:993

62.31.130.138:465

152.170.17.136:443

108.162.6.34:995

24.142.218.202:443

67.61.71.201:443

65.95.85.172:2222

50.232.21.70:995

76.184.95.190:993

47.16.69.220:2222

178.169.196.115:443

184.64.44.21:443

12.172.173.82:22

77.126.81.208:443

38.69.136.177:995

174.104.184.149:443

173.18.126.3:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  CX.lnk
- Size
  
  1KB
- MD5
  
  1674e161214abac968868f320acd78dd
- SHA1
  
  a8d7dc25d8a5537296ff552208941ce7de36a25f
- SHA256
  
  67c24b7ed4b4427cf5e6f0d379a69981431edac9c328dd43b2bf230327075778
- SHA512
  
  e9a26c1801cad72d07c1a07b7275926c0fc51f77911422ec8d83bff6df4c4d12edd0139550652e71a5070992742cd74e60f5392e3249e4b450f8769b7e1ec68b
Score

10^/10

qakbot bb08 1669902931 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  friskingly/classics.cmd
- Size
  
  305B
- MD5
  
  7bce54e12656f0aba6ad783698b32bb1
- SHA1
  
  cae9d14d2f47e02c968bddbf361e4e70af1c4977
- SHA256
  
  2e8fe805c67f67a413e4040dcdce0f847f86c021820d426d3b35b20040d3772e
- SHA512
  
  980a6dc4bbe77f7bfd54db5ab5d8655619cf132769e8d0a9a9f59586330928e60711da6b6768c6cda14a2d34d5d97915e45d322c4a8904dfbd08442dda9fc87c
Score

1^/10
behavioral3 behavioral4
- Target
  
  friskingly/reformism.cmd
- Size
  
  208B
- MD5
  
  8f92d55e945fd6da1128b29288998952
- SHA1
  
  2546c3bc27ca66a0af58abd3ed78a10094039e40
- SHA256
  
  083edddd979862613bb525bb419fc0e046f1499adaf2e253fda8afbdaf5454df
- SHA512
  
  169bc6a2d37181041f09aa5a5b01a856707e90e769ab40fc2a600c79dda922693fec1f6b52651e5683534c149c00851e70c8529fe53e7392e25184497a2fec07
Score

1^/10
behavioral5 behavioral6
- Target
  
  friskingly/titivating.tmp
- Size
  
  599KB
- MD5
  
  b18962586238e5a713b8a9dda2928ac6
- SHA1
  
  5e14559daeb93083171d8d4e3bc63ebb72b88e6e
- SHA256
  
  97a3cb32f891f0d01251c307356a5e89a71ebc9af24fde703f8e04aae24a72d4
- SHA512
  
  240aeddce61725162a292a6e33668eb2e67a86a448f57cb9bafef94f419b26277577af6ebd6e4825ad54d131d60f9d619b0fa6dd5f1ba63d78600ba854f17cf2
- SSDEEP
  
  12288:W+hfiNzqkalTfvvHWiYj7amQZGTcpy20ZsGOIBrupfJ:W+hnXWi+2pZG40P6nIBrUJ
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8