qakbot | ac738b061845ca506d186c7749080cdbf443f859e2b551dd0402474b2604b249

General

Target

RRBD49.zip
Size

301KB
Sample

221207-q2ebbafa79
MD5

d6db716f1e929bca261656a027ad621a
SHA1

49f959f7f1e333b692c9ca0b13f6c714cf134bc8
SHA256

ac738b061845ca506d186c7749080cdbf443f859e2b551dd0402474b2604b249
SHA512

024a8fcaed4507b65a365c93b9d6827411f37734b1507bfff9e539e24593d6aa2e05f1274bdd96ceeccc5142f694de9d8a2fd4ad5c945a61a5c7d404d368408e
SSDEEP

6144:WqtzQRLhxB0+zw5VihOHqdpIbdh7QlTIAXEMR93XXGifhhvKf6Grt9a:xiRLhHzw5ViVdQPobR9nX5hZKCGh9a

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB09

Campaign

1670238005

C2

76.100.159.250:443

66.191.69.18:995

186.64.67.9:443

50.90.249.161:443

109.150.179.158:2222

92.149.205.238:2222

86.165.15.180:2222

41.44.19.36:995

78.17.157.5:443

173.18.126.3:443

75.99.125.235:2222

172.90.139.138:2222

27.99.45.237:2222

91.68.227.219:443

12.172.173.82:993

103.144.201.62:2078

12.172.173.82:990

173.239.94.212:443

91.169.12.198:32100

24.64.114.59:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  RR.lnk
- Size
  
  1KB
- MD5
  
  99c13f13a9ff15fe23be566df534b00b
- SHA1
  
  28a1850d467da6dfe000ec56070ddbff3ebd8f2d
- SHA256
  
  24372ffb6203b0b5baf871d4089a5c2e0a5f7e39bc8681f525c74ab60b52c4a5
- SHA512
  
  4d880757d02b4f5798305cb15643f942ceb1a492c32c2e331c8b45878e03ad0dc33ead2ec68d3e695fe8e3d497922067fe05ec58e712e36f81f154c0d9e76223
Score

10^/10

qakbot bb09 1670238005 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  mollusks/countersink.cmd
- Size
  
  334B
- MD5
  
  9d6b53c58320a436a8cba81ed2b36578
- SHA1
  
  2b9d3193b70cac52897aef536257f52cf268c47f
- SHA256
  
  19c18ff61c211c419b5bcacfed5b1f8b0dcf9ea4629f1f42c7c96fe791724342
- SHA512
  
  3f7f9ac263947eb287abe2f3698a5d109cb77ea3f52a545a8984257ed2ad0f38d2a92a799522166f1b78eccc724db91d3f0864184634937f66eeb110dfbc3296
Score

1^/10
behavioral3 behavioral4
- Target
  
  mollusks/enlisting.cmd
- Size
  
  242B
- MD5
  
  19d169229401b45456684d6ffb575927
- SHA1
  
  150886349a8c370bfa14ec509dd2c594ecf2d63c
- SHA256
  
  6fbd6bd17bb83f03e1c1fcf1b4054e55bc1d0a29913c07092c378f6eb7a75042
- SHA512
  
  b7547c9519b563e6024101610aaa71a2934fd2de23d396d0e300bbda8d8b1072ceb0d8ccfc78532a85a1f4b347a4765f265775f9f042bbc012861714e381fb3c
Score

1^/10
behavioral5 behavioral6
- Target
  
  mollusks/fondest.tmp
- Size
  
  497KB
- MD5
  
  25f28cb2e56bdbe858e5c82b1fba4d14
- SHA1
  
  6ad8bebc78b0dfc47a894ee516e39eeee810c5f0
- SHA256
  
  96d2f4131542e1b4a6e9bba0bf3807008cb8340e7d247b464fdbebe11031d9e2
- SHA512
  
  7544d384847b7131e64d2c4c0a022b257455d0d2714d9a1f00df11c3cd7ed45917738a98618f4fbccce4c1a3f9541b09f95d7e19f0cd000beec95eb98d99621a
- SSDEEP
  
  6144:kc0+H0LwX/ei0iPlJgQwggr6cAhMtnEbER8wvyRaY4lls1yc8UQw8Mz1fu:D06cilJy9tnY+yTcm8UQw8Mzxu
Score

10^/10

qakbot bb09 1670238005 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8