qakbot | 76f921f3a90e55c10ba577da884b572f242653a8b3370e55db4ca39b3158eaa0

General

Target

RRAM37.vhd
Size

2.0MB
Sample

221207-plmgbaaa6t
MD5

bc3fb59562fb6f1891755aac2a9e217e
SHA1

fc626234ac76e714b25dade610b3cecac3007381
SHA256

76f921f3a90e55c10ba577da884b572f242653a8b3370e55db4ca39b3158eaa0
SHA512

c2fbe382eb9c4ecdef799c2bcdf9edecd8f0aec0cfebc8331d668f30e9ea0eac3d7dce8e8bbb0d199f3ead658fe9331997c6965b5866cd1119570cb2a960b248
SSDEEP

49152:iEd48ouKmqusRaz5+shbpwqwZwpwBHHHHHhHewSHjHHfwoYn8UQw8M:G8UQw8M

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB09

Campaign

1670238005

C2

76.100.159.250:443

66.191.69.18:995

186.64.67.9:443

50.90.249.161:443

109.150.179.158:2222

92.149.205.238:2222

86.165.15.180:2222

41.44.19.36:995

78.17.157.5:443

173.18.126.3:443

75.99.125.235:2222

172.90.139.138:2222

27.99.45.237:2222

91.68.227.219:443

12.172.173.82:993

103.144.201.62:2078

12.172.173.82:990

173.239.94.212:443

91.169.12.198:32100

24.64.114.59:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  RR.lnk
- Size
  
  1KB
- MD5
  
  5adfb10fa942ee453862b4adbcfbca6f
- SHA1
  
  d76867af1d617b82a6c2c69b43f3bcef5fedcdb2
- SHA256
  
  4cdbdd8e0e25072b84b74a3116f532819704a43daf567ef9230d137a11631895
- SHA512
  
  c79e0913d046d96cfacfd4bd345d021d9868492d4ee0c9422231daf3fc0c4b8d12fb0bf78bc410cb9c82c8dc1c5e54ff581daef5e7159cfa305d3535d3d16c4c
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  sandstone/beeches.cmd
- Size
  
  285B
- MD5
  
  57cef882821ede806a862637bae77143
- SHA1
  
  afff3356b2b10ed8acab378775d5a3b065293c37
- SHA256
  
  6c048dc4238b3e81c65ab176c80bfc34310ddc52efdfe09774e27ac7d2a1bf1d
- SHA512
  
  611cf3e1bebd77f94b9be962e843b5fd42d564787562e4c3c6c0ff243a3df352667d7dbf5b8eb9505f03a4de6d273287b1ca20efda562637c50f5fd296465c13
Score

1^/10
behavioral3 behavioral4
- Target
  
  sandstone/gold.cmd
- Size
  
  173B
- MD5
  
  55922906358d702a29877e82ba461031
- SHA1
  
  4d71f72f9b0b92520d9048ef812c7f43fa5459d5
- SHA256
  
  933b3f22d0d561a26af4984b12705af652882cdb2d12bdfd0acca0776f312daa
- SHA512
  
  2e569480f93fa65a05ba3b731d6a718ecce7346489be6d5ced59a5c440f21cd950ff640352d12b9207b74ab22f9940db44bf769df9f18ca3c9174377af7b0816
Score

1^/10
behavioral5 behavioral6
- Target
  
  sandstone/kilketh.tmp
- Size
  
  497KB
- MD5
  
  705aa22abcf9c66bfe8592db5456e25f
- SHA1
  
  09375663f13fc80966a6ed6cc7a703b096664ea3
- SHA256
  
  30ba48c675fe81437d78a25384a4c07e357577a58fe63cea022f0847e61e71b1
- SHA512
  
  5cb7a216237ad4bd83ec17fc7f6fedfad5e5f1abce48c7a1284d22adf70e79b2a8cf27fb3d4de3fb8e7faf3c14f07fdbb71c546283970801ec9b1c71e201fb8b
- SSDEEP
  
  6144:kc0+H0LwX/ei0iPlJgQwggr6cAhMtnEbER8wvyRaY4als1yc8UQw8Mz1fu:D06cilJy9tnY+yTLm8UQw8Mzxu
Score

10^/10

qakbot bb09 1670238005 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8