qakbot | f6c5d0064568344d3c56561bcc3e6b843a1bba496a4c372f451fe5831d3cce8f

General

Target

BM-865.iso
Size

101.2MB
Sample

221209-1cs4aaed56
MD5

c436ce31cda595fdcb5a427bcafa4bcf
SHA1

371c2d8678b6ebb99b65b6ac187fb08819e3ff8b
SHA256

f6c5d0064568344d3c56561bcc3e6b843a1bba496a4c372f451fe5831d3cce8f
SHA512

53b3e09022c93ed07652e16a9b0bf9e370e7b2d4369a1c9401084494d37b8a10cd440e43b63893167db15ffa42305a93c67cdf9cdde73b860bb4e78a43ff4eff
SSDEEP

24576:KIfK3N4K+aqMqmz/WdxrN81BK9pBBuWb:Kr5CMqqAxCK9pBBuWb

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  BF.vbs
- Size
  
  180B
- MD5
  
  2cd1f8dc755fe95803f559eb2fafd426
- SHA1
  
  0f10bdd9fee72736f9edacb687164d6f48a410be
- SHA256
  
  4f20d3df38ca5be59c5e550ee96ddc3e2331ec497872c335e1f3b071bf96ea15
- SHA512
  
  8d1cbd47d51afd56633708d3b872f924b78c28f5d074fa9a9340b4d487dc3d624b37d9651c09586bca3fc8f24169490e14f910a0731eeeb1e647710ec52cbe93
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  teased/expletives.vbs
- Size
  
  180B
- MD5
  
  2cd1f8dc755fe95803f559eb2fafd426
- SHA1
  
  0f10bdd9fee72736f9edacb687164d6f48a410be
- SHA256
  
  4f20d3df38ca5be59c5e550ee96ddc3e2331ec497872c335e1f3b071bf96ea15
- SHA512
  
  8d1cbd47d51afd56633708d3b872f924b78c28f5d074fa9a9340b4d487dc3d624b37d9651c09586bca3fc8f24169490e14f910a0731eeeb1e647710ec52cbe93
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  teased/vehemently.ps1
- Size
  
  362B
- MD5
  
  303ff5de570252c4623e1482e05dc5a2
- SHA1
  
  2a3fd1038d4b4071749256e5db1b95c9f7d1ee1a
- SHA256
  
  fa84d10f15990f651fac05a1a1eba427cf124589673f6017e88bc173c8a49ed1
- SHA512
  
  56e6399a52b57a2332c4e4ebb2441d02474aac5bc8b70efe1e1ce7d2e6c59e2f9ecef7e2995363534ca0996bce6db0f984f6cec55b06108bd085aea211b2db02
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6