qakbot | 3041536c2a8e1a90ee11ba958e9ee764404a801fda04af11d256475064f752a6

Sharing

Copy URL

Twitter E-mail

General

Target

RRFB17.vhd
Size

2.0MB
Sample

221214-21zreaec6t
MD5

9550997039bcbbbfb97efcb802b53a93
SHA1

9db73320291c262c35c944011dd6c9b1ee9a4c0b
SHA256

3041536c2a8e1a90ee11ba958e9ee764404a801fda04af11d256475064f752a6
SHA512

277fc3df93591324dd6796d586f6d9a74376f68ae9369982b6777e2efe7dad5b7e066600b9243dae9ef89ac2f0a31ccf21e8d0d7f9a854e99f0d3dbc43fcc3fe
SSDEEP

24576:ldBrbfL6VHOe+lhMjcxy9tnYu8UQw8Md:ldBXT6FOe+l+j4Yx8UQw8M

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB09

Campaign

1670238005

76.100.159.250:443

66.191.69.18:995

186.64.67.9:443

50.90.249.161:443

109.150.179.158:2222

92.149.205.238:2222

86.165.15.180:2222

41.44.19.36:995

78.17.157.5:443

173.18.126.3:443

75.99.125.235:2222

172.90.139.138:2222

27.99.45.237:2222

91.68.227.219:443

12.172.173.82:993

103.144.201.62:2078

12.172.173.82:990

173.239.94.212:443

91.169.12.198:32100

24.64.114.59:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  RRFB17.vhd
- Size
  
  2.0MB
- MD5
  
  9550997039bcbbbfb97efcb802b53a93
- SHA1
  
  9db73320291c262c35c944011dd6c9b1ee9a4c0b
- SHA256
  
  3041536c2a8e1a90ee11ba958e9ee764404a801fda04af11d256475064f752a6
- SHA512
  
  277fc3df93591324dd6796d586f6d9a74376f68ae9369982b6777e2efe7dad5b7e066600b9243dae9ef89ac2f0a31ccf21e8d0d7f9a854e99f0d3dbc43fcc3fe
- SSDEEP
  
  24576:ldBrbfL6VHOe+lhMjcxy9tnYu8UQw8Md:ldBXT6FOe+l+j4Yx8UQw8M
Score

3^/10
behavioral1 behavioral2
- Target
  
  out.vhd
- Size
  
  2.0MB
- MD5
  
  9550997039bcbbbfb97efcb802b53a93
- SHA1
  
  9db73320291c262c35c944011dd6c9b1ee9a4c0b
- SHA256
  
  3041536c2a8e1a90ee11ba958e9ee764404a801fda04af11d256475064f752a6
- SHA512
  
  277fc3df93591324dd6796d586f6d9a74376f68ae9369982b6777e2efe7dad5b7e066600b9243dae9ef89ac2f0a31ccf21e8d0d7f9a854e99f0d3dbc43fcc3fe
- SSDEEP
  
  24576:ldBrbfL6VHOe+lhMjcxy9tnYu8UQw8Md:ldBXT6FOe+l+j4Yx8UQw8M
Score

1^/10
behavioral3 behavioral4
- Target
  
  RR.lnk
- Size
  
  1KB
- MD5
  
  0c4d8928b2b0ad22832b1463bbbc77d9
- SHA1
  
  9439fcd7c533f6537f21e93c6777561416b4cbb7
- SHA256
  
  7786ec96b433d2fbb12f1a96560dfc05c91169c0d9df3bf24d27d2904e63d2d4
- SHA512
  
  9611ae89d8d47b129a60256fed583524947b33f47bd9bb55bc156a061aa4aea9002819ddbd013ac533c00b60ee97c493e01f76f9a71c9ca6f71109846a04c8f6
Score

10^/10

qakbot bb09 1670238005 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  System Volume Information/WPSettings.dat
- Size
  
  12B
- MD5
  
  f456cb83106c0382caee7c7c082be1eb
- SHA1
  
  47198ee4dccf95bb770b5027c7804c0111398e5c
- SHA256
  
  260fa7ee11a84195a4221c0d245ac49af14f5c9b73df7ae9c8a8d06e82690d4e
- SHA512
  
  33897c18f4337aed4db5e73cddc985eed5e3449181042e0906757acb644d5bd7688840b35397e7bbd56b78545e078dbe1109dbbe9ebbff36a6de6e839d120827
Score

3^/10
behavioral7 behavioral8
- Target
  
  unmarketable/awed.gif
- Size
  
  28KB
- MD5
  
  59a948af4a0630f230f6637a72318934
- SHA1
  
  41154c5636aeab819120fa0c4095fecfbe8340f9
- SHA256
  
  2ecdf5921662f523fe96ad01e35058ef2f2c2e3e4b25e725029be6f78afe1005
- SHA512
  
  524c992a73256269ae81e0632d7f56db7c12fa505f13e7bd2233085896e357d40369c9e9042996ea1128715ba18b82c971530af8047e109e4e23486541abd939
- SSDEEP
  
  768:xpXKilN/5DxZae4GK3hhUS+eI3TA+/Edpvd:ui1nae4hRhUS+eIcGEdb
Score

1^/10
behavioral10 behavioral9
- Target
  
  unmarketable/condone.tmp
- Size
  
  497KB
- MD5
  
  a1fc391a1541aacd71f9bb5b794a997b
- SHA1
  
  7dd0d1eb71365d57d5ba84b8ae2dbec46b59c4a2
- SHA256
  
  bba703781627c9860eb3652e67eba6caa2ce44f353c2f296704c3264ff8a7659
- SHA512
  
  4b335388ae9db1217c42c1a6b4769581821e4a222dba1a4f98ed975e61b82772bb2b64e868e0d4c786b4d492b4678eb133f9091a7a831d5a53e2d00fc14f98ce
- SSDEEP
  
  6144:kc0+H0LwX/ei0iPlJgQwggr6cAhMtnEbER8wvyRaY4Yls1yc8UQw8Mz1fu:D06cilJy9tnY+yT1m8UQw8Mzxu
Score

10^/10

qakbot bb09 1670238005 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral11 behavioral12
- Target
  
  unmarketable/dislodging.gif
- Size
  
  28KB
- MD5
  
  110b37a1c346f5b283fb4e2f48c612b3
- SHA1
  
  17740aab1283a32d495016d799b15dbcd46b999b
- SHA256
  
  1f5bb48820e2dfab0e31b78fb27eee3fe295ab9b95d71b8dab134cb4e5f53f9b
- SHA512
  
  129bbbdf9f28fa66dc0d159aac9875bab7f55f952c0a6417ce33057cbfd1133e82bfded2ce9d094a4e999c14d08fef9d4bb899ed00a01a4055d1e2bdc18a0ae3
- SSDEEP
  
  768:OhqEfk2tk1emUcqDbdvmCMbK7iEBWRN835:jE+12eK1WRC35
Score

1^/10
behavioral13 behavioral14
- Target
  
  unmarketable/embedding.txt
- Size
  
  235KB
- MD5
  
  a7a8be6398437ca88d8e71a79621fedb
- SHA1
  
  13d46d443b63096ae81bf0e3482b748c45a92835
- SHA256
  
  1d8393a2a1a39f49f6581a59d594906f1f7aa59b3409fc27887c4a612ac97cef
- SHA512
  
  e178a10c79e1ebf4718d593d075a15cbee81515ea8b7d8efe07a045be1b563a5b55df71bd1689613e9301d59fac65a32a303eac1f64e67935e06a1c359960a95
- SSDEEP
  
  6144:+bO88nuNb9v1WWEqalDWX6plD15UlDL7mQWt0RrilDP/S1N20WbmflDHL+mwgevt:5fL6VHOe+lhMj+
Score

1^/10
behavioral15 behavioral16
- Target
  
  unmarketable/multifarious.cmd
- Size
  
  232B
- MD5
  
  b7aa41cc47a7a6a54f12151c0f158197
- SHA1
  
  5f9009e69b14e6279d89d10741b95122a06f6323
- SHA256
  
  2d98943613b1319ab242bc1785d4c555a2293d37568485ccd2dda55340c043fc
- SHA512
  
  c5302fd8c590a3c80d6ee3f5f9e75f10e14b1586669ab14308f50d675fac32514374476b6c326487c117f133a0887f6ba9f43f5ea604cd5e4b1ad048ccfa6c50
Score

1^/10
behavioral17 behavioral18
- Target
  
  unmarketable/placeable.cmd
- Size
  
  317B
- MD5
  
  e768f8b4f2dbd0bf62eb438c6d602a12
- SHA1
  
  e7dfcacc113f40e04fc7fe00d5058f02fd3e46cd
- SHA256
  
  f89bf878e9ead03466cd2cea24d24dbec2bc75796380a9fa1ec84dc24b53ce1d
- SHA512
  
  e1c3fe25821b9e5f6059a8d580ed8b34095baa8334d87519f41f580f3dca04a28697ed2e6354641cd31f6eabc30f299c446e0b39f461b529a18df48cd3102aa1
Score

1^/10
behavioral19 behavioral20
- Target
  
  unmarketable/profitable.jpg
- Size
  
  32KB
- MD5
  
  6454a93bca820a6a20180ee757b50c3a
- SHA1
  
  6888bb6b3cac89dce3de0ceff58af30006546900
- SHA256
  
  9c1d2cc3a726542b617ecf6701eba50f6fbc6a1355a0c15fc2f8b66ea8b9f372
- SHA512
  
  87ebb960a17e8abe3cbb1bb218ee0108efb11406cc708083eb2ea7ed487c8ee00866e59102a5bdb035f96cba57f77ad3fe02ba1813ccdce1678267d9d9ef73c7
- SSDEEP
  
  768:Lmh8Kr2wGmBHb2mQ7plLFx9qJiF73xfxcpsTpIHABCl:yTr2J0SmQ7ptMKxcpvHABCl
Score

3^/10
behavioral21 behavioral22
- Target
  
  unmarketable/strewing.png
- Size
  
  27KB
- MD5
  
  7a517188f1321537a20ecaf7004dce05
- SHA1
  
  5f7849ae9c92b3322308b41166a4c8a63a779ff6
- SHA256
  
  30220d2fbf4a77ac280db5abda4f1ff96bf22c1ffcc0c068de239ef27fac049f
- SHA512
  
  e1aa0860e7a66f6d2d9ed287f8155f176aaa55cf87ce76ac31759f211aae5c0ee1eb0d7be32b8b58c86466c79df47d6ff5a9c86d0265ea5abc22b359cfb68961
- SSDEEP
  
  768:G7gp87hD/vR2EH0t0DHMXz1E7Ru/gUATS:G7gm71/vHUQHMjau/7
Score

3^/10
behavioral23 behavioral24

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24