qakbot | 2ebaeeec8d4f6b267d466e1ea0cbcd3e356f422c76f063c26d56131f951d5723

General

Target

RRCG61.zip
Size

319KB
Sample

221208-ttd75aae32
MD5

353410090167036754a9f6bd372a8909
SHA1

56bfe14cf94a47d31d52f954822b42d9f8c1a955
SHA256

2ebaeeec8d4f6b267d466e1ea0cbcd3e356f422c76f063c26d56131f951d5723
SHA512

118412975687e005dc3eb92764357cb81ef02dc5864d84a57a0b129c2cc3269da1d4d3b3ac3af2a022f03da888b04254e024d5af55d620643ae263477eacd300
SSDEEP

6144:195jJ6PcEjEOyYW/FcPyY/Z7acNXcTlhMCCZp0HnPZRXD7jwKixNSCCqpiQ8C7P:13AItP/FnY/hLMrMCCZp4nRdD7j7i6K1

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB09

Campaign

1670238005

C2

76.100.159.250:443

66.191.69.18:995

186.64.67.9:443

50.90.249.161:443

109.150.179.158:2222

92.149.205.238:2222

86.165.15.180:2222

41.44.19.36:995

78.17.157.5:443

173.18.126.3:443

75.99.125.235:2222

172.90.139.138:2222

27.99.45.237:2222

91.68.227.219:443

12.172.173.82:993

103.144.201.62:2078

12.172.173.82:990

173.239.94.212:443

91.169.12.198:32100

24.64.114.59:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  RRCG61.zip
- Size
  
  319KB
- MD5
  
  353410090167036754a9f6bd372a8909
- SHA1
  
  56bfe14cf94a47d31d52f954822b42d9f8c1a955
- SHA256
  
  2ebaeeec8d4f6b267d466e1ea0cbcd3e356f422c76f063c26d56131f951d5723
- SHA512
  
  118412975687e005dc3eb92764357cb81ef02dc5864d84a57a0b129c2cc3269da1d4d3b3ac3af2a022f03da888b04254e024d5af55d620643ae263477eacd300
- SSDEEP
  
  6144:195jJ6PcEjEOyYW/FcPyY/Z7acNXcTlhMCCZp0HnPZRXD7jwKixNSCCqpiQ8C7P:13AItP/FnY/hLMrMCCZp4nRdD7j7i6K1
Score

1^/10
behavioral1
- Target
  
  RRCG61.vhd
- Size
  
  2.0MB
- MD5
  
  c7985e2c53b3dc454eb15f202195047f
- SHA1
  
  d9b4dea38105627c51b732bda80315d8aef1e331
- SHA256
  
  6a97d727f793f3cdbfd245322cf1068dedc27f692d5d1fc52e039706fbe54b5e
- SHA512
  
  dfba7e1ae6ee8301cf7ae4cc542e03851c11f3728e77ae4e22769aa809c311e583c1df8a514563cedc8ae6e9b638630520ff512069ac4f06b85a5af77c85cba2
- SSDEEP
  
  49152:AHHsMHHHEHgHHHHPwuEwJ3wcH0HEHqHHHHHRYT8UQw8M:E8UQw8M
Score

3^/10
behavioral2
- Target
  
  RR.lnk
- Size
  
  1KB
- MD5
  
  a8c38608d5411b88706060ac04d6f21f
- SHA1
  
  1f8567de12ac31b37940759d8439db99787b3365
- SHA256
  
  da709e5848b82144fb05b765600786e8821b32ffb5f6f2022df3ca7a59c4a789
- SHA512
  
  6ea38fe9d735e72d02061d5afeca512794e4ac99af75a886e085e93c0757aa4f024a2edc08e54e87d73944f9cc0e7ba9f75104896f5138806ca55fa391fc0137
Score

10^/10

qakbot bb09 1670238005 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3
- Target
  
  System Volume Information/WPSettings.dat
- Size
  
  12B
- MD5
  
  68d22fccf83d70bcb06b00d605a00f31
- SHA1
  
  313dc62df59402543944ce418afefe9d96f85730
- SHA256
  
  592bc508e4f439d39c4954b0993ca8a3430726b8d648f75502b7f4bfb7771643
- SHA512
  
  7ecd55329c020ece2e5014cb21faaf7624ee3c3fbfc21b4495f170d14bd5b97f6f4f0f6538ab5ded097b3ac0e4d42bc04bba7059afa531a8c404fa69397496d9
Score

3^/10
behavioral4
- Target
  
  unutterably/felons.cmd
- Size
  
  208B
- MD5
  
  e8b6b112db6347fd9b664ed8847bcbc3
- SHA1
  
  3cd044d4a9f1dab8c4793e372f3627b1285e964b
- SHA256
  
  b122314f8568bbf5034655f1e17d1dbf2902b7ee7b7a0f27d485bc0d5a55bd0d
- SHA512
  
  78d54bb4d80659992b557792ef824ce60ede9b055bd59a3a74871655c1d8d66cefd5414ee448c7a87810361051e3ef89f3307565241f77d09a560c35849f222c
Score

1^/10
behavioral5
- Target
  
  unutterably/offered.cmd
- Size
  
  295B
- MD5
  
  9673b66b99505d53c42d4a7e1fc4f034
- SHA1
  
  d0bb45562f93e8776eedd2789718b82822ffd597
- SHA256
  
  cebf4e464cc6623e3c72f593ec96888032a1266085fdc215e436650e3dbeca5f
- SHA512
  
  43a0fab7fcf24aebcac3cfe48564b6f7f298e66be9d21cf1c544edf120f584f60ca271fae8878774c0f541f68b24cc02c492d3a0711e3494fda38087f0d05bc9
Score

1^/10
behavioral6
- Target
  
  unutterably/satiable.txt
- Size
  
  271KB
- MD5
  
  22fc32b30495260a3b27671998255bff
- SHA1
  
  a2ca307ef89e6531ef8accbdbb681c1ff140e7fb
- SHA256
  
  7053377af4a72e098365da4d4dc0e288456b7e54d3784d0e30b59ec05a8f18c7
- SHA512
  
  bda5312cf0a035ab15cd76c6628a9ca2d27e6e56103a06923f2756ff36e9be3385a8daa1e349d04ebfaf5b8f3ac8a863eb0ec10c37b7258ef8144c239d69b495
- SSDEEP
  
  6144:eOYyyONHH/MOKMHHH6GOcoHgHHHHDW20EeSnwaBGxwJ3wBS6OlH0HsO+HVOFHHHr:eOMONHHkOKMHHHdOcoHgHHHHPwuEwJ3A
Score

1^/10
behavioral7
- Target
  
  unutterably/swam.tmp
- Size
  
  497KB
- MD5
  
  04339840283f48a2b949dfde31265a2a
- SHA1
  
  c16872ed0c8d65cc433002b97a5666882372dce6
- SHA256
  
  afaa18f35e2e816c73da36bd0c47a278b6fb35655d7fe1adea68235a7ca1a01b
- SHA512
  
  061fb31a7a364ee784c872af684d94c8822c4f2d8c7bae9fc908f61fc6776f9f61c3ba3388225833c92e769ef9bbe944fe9cf0486262278555fa71936f303c57
- SSDEEP
  
  6144:kc0+H0LwX/ei0iPlJgQwggr6cAhMtnEbER8wvyRaY4Gls1yc8UQw8Mz1fu:D06cilJy9tnY+yTbm8UQw8Mzxu
Score

10^/10

qakbot bb09 1670238005 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8