qakbot | b393d0b041aeb2299936d2362b67e324e7a8c6765a5bfacdabff3c4820c841c7

General

Target

188a9a0f-a66d-4cd0-a2f6-9ddcedeaad66.zip
Size

360KB
Sample

221212-hcmx6aag45
MD5

5ea038c683c17c1e8bd13732ea38d81e
SHA1

0e652105549adf2897d598fbca64dd01b74d17e1
SHA256

b393d0b041aeb2299936d2362b67e324e7a8c6765a5bfacdabff3c4820c841c7
SHA512

1eca1d4d7abf1d0e4b8542e95ca80cd7a634400f920ef7fb3c0b74fd0a2d7fdfd732c2f90962798536f9f36ec819578e7949efcda03b2b7e1f8a7fabb54ddec5
SSDEEP

6144:9K939L8QAJwgrdJDolkT3LLdWzSNToQBT/YhulTS72TX92EYpXzvu0oAvz7L0re:9Q358QQwg/D73QzSVG4BS7yEnpjvud8V

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

azd

Campaign

1670515354

C2

136.35.241.159:443

73.36.196.11:443

12.172.173.82:50001

190.24.45.24:995

193.253.100.236:2222

109.11.175.42:2222

92.8.190.211:2222

50.90.249.161:443

66.180.226.117:2222

201.208.139.250:2222

12.172.173.82:22

75.98.154.19:443

24.142.218.202:443

70.77.116.233:443

90.4.193.117:2222

24.69.87.61:443

98.147.155.235:443

83.213.192.136:443

176.133.4.230:995

71.31.101.183:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  IncomingPay/Issues.cmd
- Size
  
  9KB
- MD5
  
  c410a402dcc8754f76fc5094ab2caca9
- SHA1
  
  2103f06f67640b691d48058d671467f8408f123a
- SHA256
  
  20e3441a46717fc6cd0ad5a4dca25246c211e8c355755dae067c45ff2d97f59b
- SHA512
  
  5564262ebd9670ad0cbdf163dfedfdceb8aaa77537e9dcd60a1fe5643f97543898285952ce946148d937dab0535d46b6acf6f8a6bc7bb2b9262f8b667b5f85c1
- SSDEEP
  
  192:8H6085ps75H4cCGuP02agJu36aHZnHpWydZ5ycFnNf0elJBI6h7f9I588:8Hc075H4E2a/jHxrdZ0oLE68
Score

10^/10

qakbot azd 1670515354 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2
- Target
  
  IncomingPay/NewInformation.lc
- Size
  
  645KB
- MD5
  
  dc01f89f042f88c520f6c93f27ad296d
- SHA1
  
  b64304ba5bdd378b6155135b3e3847aa9a04cb34
- SHA256
  
  f4f8a14f76055dbe55422ba8754582ed8abf139b7ed33630fa656cb7e879bc7d
- SHA512
  
  412ff1ca8fde1ccddebf1f91b06cedf6e50a990a662a5b5ec92f8a5815b1a807ef571faeb836ae724813060d6e7f34bbf2a60bc30ec74606abbdccc70231286f
- SSDEEP
  
  12288:zYokNyxh/QFYZLlW0qSQ8qVC6od45xk2SCWise:EdEvoFkRkS/qI6odz2vWi
Score

10^/10

qakbot azd 1670515354 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  SCAN_DT6281.lnk
- Size
  
  1KB
- MD5
  
  702d43f37081ff47ec55f4a965ee892d
- SHA1
  
  fa82bc945eebf1b83b108bb5ebb3e3aa194a06fc
- SHA256
  
  1aa40f0bcf14d02d5aa184c70f2d9fb8e20532777a63094580abf1d79d2525e6
- SHA512
  
  4fcdfb89f9c79bd05d83a00faf543af9fe1e30a5bffbc6ce01701df793eb7a9d3fe4296a1a0cffc3014600507edd49ff609e897f7bcd477e47a8e457c705d9f1
Score

10^/10

qakbot azd 1670515354 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Qakbot/Qbot

Qakbot/Qbot

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6