qakbot | b0e9cc8b694fe777386ad45946a5da490da5eb8788cc0429ed952a29048b7b54

Sharing

Copy URL

Twitter E-mail

General

Target

RRFN04.vhd
Size

2.0MB
Sample

221207-p9419seh94
MD5

af901200df5232502bced916ca52c887
SHA1

700a38ac290c59120c3b1bf3dd4343d4f26012b6
SHA256

b0e9cc8b694fe777386ad45946a5da490da5eb8788cc0429ed952a29048b7b54
SHA512

68fe1739dbca462d5d30f5e7aa9d4ab475cc909367b135d03a4adfee97326974fcb0dc97b038341b7352fc0060adbce30a93773bb6e0bd8909a39ce6272028a1
SSDEEP

12288:E3FkTebS05+Y06cilJy9tnY+yTbm8UQw8Mzxu:E3GTebS05+oxy9tnYM8UQw8Md

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB09

Campaign

1670238005

76.100.159.250:443

66.191.69.18:995

186.64.67.9:443

50.90.249.161:443

109.150.179.158:2222

92.149.205.238:2222

86.165.15.180:2222

41.44.19.36:995

78.17.157.5:443

173.18.126.3:443

75.99.125.235:2222

172.90.139.138:2222

27.99.45.237:2222

91.68.227.219:443

12.172.173.82:993

103.144.201.62:2078

12.172.173.82:990

173.239.94.212:443

91.169.12.198:32100

24.64.114.59:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  RR.lnk
- Size
  
  1KB
- MD5
  
  964c9dcbc25951abd9bdf33d328df903
- SHA1
  
  a96e2668c7064efc551c01bac0af9023eb462521
- SHA256
  
  db18eecfe9fe2291be22c0b5651e019866832162cebbc73e42cc8cbf8862db92
- SHA512
  
  45d9d7cada711c4a58e396f14d6de15c236a8f7067da6c5f42ab910ecc60fee349fdc38ed1da936bc9dafe8f9056fd53c094ff6aa7815b48c1aa53139cb3e559
Score

10^/10

qakbot bb09 1670238005 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  unnautical/compassionable.cmd
- Size
  
  279B
- MD5
  
  54f90e2c06e60852d3f75385d6e6f648
- SHA1
  
  413c32edcdede34138bdd9d224fe7f9b649c9149
- SHA256
  
  cc770c3b6d2b8e62d640cdb1628cc6bdbe533dfe0e79f4be5721967a87e0536c
- SHA512
  
  521f76128948d3f550dc01cef6bb51cb5bc42f0984ed2fa0fb3e8e38f7c9c34bb49872439f1b1646b121ea24dcd283460bba53c76875e0c93d6e71b05125faf5
Score

1^/10
behavioral3 behavioral4
- Target
  
  unnautical/pursuit.cmd
- Size
  
  237B
- MD5
  
  1caa61e64d91e49d45072f632c24f396
- SHA1
  
  fd748fd24c5af8ed5bfea1d07c7ed3ea04e1eeb8
- SHA256
  
  d0b9440f8869a2d1b88e3e11a6f9ba6f5d5982bb820f54440bb05c12311ac5f9
- SHA512
  
  39438cfcd44d34df3c48e743020d1538de10fdbf6cb3dbae4ef7c2441769bc6f0c8ce123b188a1c75dd7e9845c0f130fbb8fc57f373d79eb69cff132d7c70822
Score

1^/10
behavioral5 behavioral6
- Target
  
  unnautical/unbundles.tmp
- Size
  
  497KB
- MD5
  
  2e616a399fabd662ff46730205ac2980
- SHA1
  
  57d192ebd7b733d65e4db5b746f8fc2c31e28d60
- SHA256
  
  4362a0d07d499afc6a2f948b64a4800684dbddb3b76464b78860f6f6a77640a3
- SHA512
  
  fb31b3bd4b92070b4f9ea9901c77c908962bc16dea4c392ece9313fc918c60d6aef8c9991b893d8794bda2cc10ebc82e139cd5fb69eee4df806e256301b2a879
- SSDEEP
  
  6144:kc0+H0LwX/ei0iPlJgQwggr6cAhMtnEbER8wvyRaY4Kls1yc8UQw8Mz1fu:D06cilJy9tnY+yTbm8UQw8Mzxu
Score

10^/10

qakbot bb09 1670238005 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8