qakbot | eeda820f8ee27fc483d338b59a5122e369c1749f0be8c1b1cd2276588471a175

General

Target

UC-914.iso
Size

101.2MB
Sample

221209-z981bshc2x
MD5

f8796cf1d6e4c09fe0a069c06693ca99
SHA1

8c970a316bbd04d8572b2412a956a5776d4892f5
SHA256

eeda820f8ee27fc483d338b59a5122e369c1749f0be8c1b1cd2276588471a175
SHA512

9c1243de570e44e58c81846d60cb4ed38c2cd3f085669818511e2746fef33d397f47a20c2709869fa550f260f9b089125ad0e1c9fa138436aec5377be82aa231
SSDEEP

24576:/IfK3N4K+aqMPmz/WdxrN81BK9pBBuWb:/r5CMPqAxCK9pBBuWb

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

C2

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  BF.vbs
- Size
  
  180B
- MD5
  
  fcf6c65b599aaad756e0c32e688ec9db
- SHA1
  
  28e5e0be32ec5d837dcbbf8bbe5be9a44e14750b
- SHA256
  
  dc9c38ba168c5fd0c78917e9cd8f1ddf7119c59a80ef5e097705091a157a3cb0
- SHA512
  
  e25f419e1b489e7f23259395ed39bca2b964ef5a963efdaa102415928f7e5370823a128c5510f5417617c50b200f2588257716d45a8c742e3cca364daa44e37b
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  teased/beguiler.vbs
- Size
  
  180B
- MD5
  
  fcf6c65b599aaad756e0c32e688ec9db
- SHA1
  
  28e5e0be32ec5d837dcbbf8bbe5be9a44e14750b
- SHA256
  
  dc9c38ba168c5fd0c78917e9cd8f1ddf7119c59a80ef5e097705091a157a3cb0
- SHA512
  
  e25f419e1b489e7f23259395ed39bca2b964ef5a963efdaa102415928f7e5370823a128c5510f5417617c50b200f2588257716d45a8c742e3cca364daa44e37b
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  teased/brainwaves.ps1
- Size
  
  366B
- MD5
  
  d999bce28a38621792df566ed981778a
- SHA1
  
  44e4c83d6a67fe60e4458f6e52a9bed7f1ef221a
- SHA256
  
  2401544d6ef74e83d65dae84694e0ac53e48301821507b1327e9a143bb4d1134
- SHA512
  
  0994f76e5d6db3a8ed1a03e865d6552da260e5ccbde6d4e685c42ff4222adeb80742adb6856e7b90294a34a991d2e48adf04dd27f6626b598e56dd25d5771ab7
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

5

T1082

Remote System Discovery

1

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6