qakbot | 4ef2179809df94293062af15d256f1b7bf8f3f37e143dacc62fe4a5652fac244

Sharing

Copy URL

Twitter E-mail

General

Target

RRPT35.vhd
Size

2.0MB
Sample

221214-27aqvsec6y
MD5

ff806b5ae73d7a70beca3f033dafde6e
SHA1

9ec3a501cc55af164758d7aecfaa3cbf62521c41
SHA256

4ef2179809df94293062af15d256f1b7bf8f3f37e143dacc62fe4a5652fac244
SHA512

7005de85ccf5aaaac4763d120299c276a7e0aef3e63154cb55fad717fd99fe42cdead94be165dcf1f41323d3f4a87943509c9355676fff83d3a70ae317f82081
SSDEEP

6144:f8Xc0+H0LwX/ei0iPlJgQwggr6cAhMtnEbER8wvyRaY4qls1yc8UQw8Mz1fu:f8s06cilJy9tnY+yTLm8UQw8Mzxu

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB09

Campaign

1670238005

76.100.159.250:443

66.191.69.18:995

186.64.67.9:443

50.90.249.161:443

109.150.179.158:2222

92.149.205.238:2222

86.165.15.180:2222

41.44.19.36:995

78.17.157.5:443

173.18.126.3:443

75.99.125.235:2222

172.90.139.138:2222

27.99.45.237:2222

91.68.227.219:443

12.172.173.82:993

103.144.201.62:2078

12.172.173.82:990

173.239.94.212:443

91.169.12.198:32100

24.64.114.59:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  RRPT35.vhd
- Size
  
  2.0MB
- MD5
  
  ff806b5ae73d7a70beca3f033dafde6e
- SHA1
  
  9ec3a501cc55af164758d7aecfaa3cbf62521c41
- SHA256
  
  4ef2179809df94293062af15d256f1b7bf8f3f37e143dacc62fe4a5652fac244
- SHA512
  
  7005de85ccf5aaaac4763d120299c276a7e0aef3e63154cb55fad717fd99fe42cdead94be165dcf1f41323d3f4a87943509c9355676fff83d3a70ae317f82081
- SSDEEP
  
  6144:f8Xc0+H0LwX/ei0iPlJgQwggr6cAhMtnEbER8wvyRaY4qls1yc8UQw8Mz1fu:f8s06cilJy9tnY+yTLm8UQw8Mzxu
Score

3^/10
behavioral1 behavioral2
- Target
  
  out.vhd
- Size
  
  2.0MB
- MD5
  
  ff806b5ae73d7a70beca3f033dafde6e
- SHA1
  
  9ec3a501cc55af164758d7aecfaa3cbf62521c41
- SHA256
  
  4ef2179809df94293062af15d256f1b7bf8f3f37e143dacc62fe4a5652fac244
- SHA512
  
  7005de85ccf5aaaac4763d120299c276a7e0aef3e63154cb55fad717fd99fe42cdead94be165dcf1f41323d3f4a87943509c9355676fff83d3a70ae317f82081
- SSDEEP
  
  6144:f8Xc0+H0LwX/ei0iPlJgQwggr6cAhMtnEbER8wvyRaY4qls1yc8UQw8Mz1fu:f8s06cilJy9tnY+yTLm8UQw8Mzxu
Score

1^/10
behavioral3 behavioral4
- Target
  
  RR.lnk
- Size
  
  1KB
- MD5
  
  f8713ccdeffcbffbf404dbb2ad5ae9cf
- SHA1
  
  eaa16c713805ddec2e59f0b9bc474f581d89d076
- SHA256
  
  525897ff0a687983729a1cb57a68dcd491695d75b22cfdbb2c19c2b7c6823816
- SHA512
  
  330705322e130793d94b87afd2e0038724289386dd25053c10b95292665c5d94456e645fbb7d458f7b2a0fa8578e893efa79365b7676d14fb182a895dde0079c
Score

10^/10

qakbot bb09 1670238005 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  System Volume Information/WPSettings.dat
- Size
  
  12B
- MD5
  
  f5c370841e3693a9df70091224e22d66
- SHA1
  
  61ccc47af18a00fed9efde2326c57fad8568972e
- SHA256
  
  73c945e24a025f3eb044d72d9f09a006d9b55868684411c35a17c7552b0d779b
- SHA512
  
  de275dee75cd20844cedbc5a4cf8c8d6893e63146e4983c0cbc9034afa50fa5dcdd4c55d60d34a87a81e24529d47d19990c4a81fa9ac3809bf1c1cdc78bff769
Score

3^/10
behavioral7 behavioral8
- Target
  
  ay/ebullient.cmd
- Size
  
  224B
- MD5
  
  20f195a2ef6ed08ddc2637ecf6a4a6a8
- SHA1
  
  8ad85e4e4f8fef48c4fdd87a8a3f275096be0d25
- SHA256
  
  88a7a35708a81212e53ae2d198ecf9c2a72a9b9f2fd770e74b409fafc79335a5
- SHA512
  
  75d399020194d93536c30cb75bb530a3a525d7c86eee04eea9af6d077ee984a9302b516db86256866997791bfbae4c9a72c06f5f33f72eeedf4eb115b774fc70
Score

1^/10
behavioral10 behavioral9
- Target
  
  ay/inquisitory.cmd
- Size
  
  300B
- MD5
  
  74b5259c3ddd0971546e0ec90e15aad8
- SHA1
  
  c46cf579e1d1da2ecce23542f48fd209841f8612
- SHA256
  
  0c98a7e7e975a4de1c3f61cc266913a5f610f12e6e1d9760b6072ebae0b11f41
- SHA512
  
  917a3b2dbf4e411d096bf4e3ff6b41cee88c307819a4a3661e9fce350618f338040a195ce9a41206c826be2345774e58f7181799ab0122268c745d64a0b61235
Score

1^/10
behavioral11 behavioral12
- Target
  
  ay/limits.tmp
- Size
  
  497KB
- MD5
  
  6ecca120cda5dc58a76c12e946d02512
- SHA1
  
  a54824607f828b579a9f940cdd2786139e644b4c
- SHA256
  
  e8226079381730512bf2601cafa0969bee12d02d10500bc186743890a29483af
- SHA512
  
  c7d935f384dc5a9ef9b02accf6446bcf282f3472260866b76eb7e7fc4ba1736f1cf65ba8750f6124a263e6eee5e0fdf6c9652af6512c457eb27392860f12a3ac
- SSDEEP
  
  6144:kc0+H0LwX/ei0iPlJgQwggr6cAhMtnEbER8wvyRaY4qls1yc8UQw8Mz1fu:D06cilJy9tnY+yTLm8UQw8Mzxu
Score

10^/10

qakbot bb09 1670238005 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral13 behavioral14

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14