qakbot | 2d9493677b6e947b8ac731b566fca525ac9885d66400d00d1b20667baec93d10

Sharing

Copy URL Twitter E-mail

General

Target

SI12.iso
Size

868KB
Sample

221216-f22rhaha3x
MD5

f07931fb29a79a0b3a2b471cc5d68279
SHA1

84ca69b8869732d6bbaec8eff15f93225a2578da
SHA256

2d9493677b6e947b8ac731b566fca525ac9885d66400d00d1b20667baec93d10
SHA512

d704d644cf5c3884e668098fbc2d54aaf3368f14b85bde0162af6f56031b6c6b4eccf5435c3d91d48d3d64ff0fc894c529b16132b02311f14316e630f48daf8d
SSDEEP

6144:q8vIbSUajYBFu5skfyZNI9i7mGHrx1SeOQdHIxF5n2PbLXR+5YJKOBNKSE6OIwx:dIbAdtKA91GHrxhsnuQ5YJKOaSE6O

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB10

Campaign

1671090444

108.6.249.139:443

92.145.203.167:2222

24.206.27.39:443

178.152.25.80:443

87.57.13.215:443

75.143.236.149:443

49.245.119.12:2222

84.35.26.14:995

86.130.9.250:2222

12.172.173.82:995

147.148.234.231:2222

83.114.60.6:2222

213.67.255.57:2222

102.40.202.189:995

149.126.159.106:443

50.68.204.71:995

47.41.154.250:443

50.68.204.71:443

12.172.173.82:465

190.18.236.175:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  VV.lnk
- Size
  
  1KB
- MD5
  
  da89091024038044a4916898b204694a
- SHA1
  
  16d1ba594783eb8419d4e01ace8e5ef2cce1c2b2
- SHA256
  
  520759764b122cca77f74563f0af8d2b7c190de29b0d531b57ef8293128f1b30
- SHA512
  
  11e9337468429e30da937ad42a2a40f0c1156e1f1ec58e155262ac8848481b36b62659efde9753d4f4b4fbe8a8ae8f74cb740ad782b86043d8669d96c20a0fc8
Score

10^/10

qakbot bb10 1671090444 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  slings/forging.cmd
- Size
  
  217B
- MD5
  
  6a1a6165c5536c6aada476f78cc03cdd
- SHA1
  
  729eca7f618576da69f0c7e51fb601e80e4e574d
- SHA256
  
  14787095ddb4ebb8dcf9c1d856f7c17afc60f0187f9642b8eadc2a73af2a2bb9
- SHA512
  
  73c05af29cb11bbc05fbf5d497ad7f1d0bab15cb4e7d79f1c2a0d60bff0fb3bf824d07726a788537c987dea136999bb2475b2a643cb7a2b56f28908329213c01
Score

1^/10
behavioral3 behavioral4
- Target
  
  slings/overlaid.cmd
- Size
  
  301B
- MD5
  
  e5ceec32bcbfbee8fd876f8212da4cd2
- SHA1
  
  e2abf007d02a79b90a5550845591d88739ec7a3d
- SHA256
  
  80693db6ab7f131371c7ac2a48cbaf493f59a2ff08543149c37cd7074be9bae7
- SHA512
  
  3e40cce35d8906b14aa0fe12b4f4ff975933fd41191865ef9b289999411cce340f93784cd558febfff2766d92dbc41bdbdb216865307c40756f21080367cb238
Score

1^/10
behavioral5 behavioral6
- Target
  
  slings/planks.sql
- Size
  
  730KB
- MD5
  
  bfa8f1c08cf6e88316f856819e7f7f24
- SHA1
  
  67a001d8c434dea1418691c77e43d392125d7eac
- SHA256
  
  a94d25fa40ed85dbf3dc428cd652181f8016e4a246eea7668f57aec8d08b9d89
- SHA512
  
  4e8faaa9a1844db5d3c51e0436c0cb9eea0ab5fbe142f3b9360b5e7ec9266c0aa198dc8f0cc74138892cd488577a69aa656daca3bc672afd617d1ef5ac0802a8
- SSDEEP
  
  6144:B8vIbSUajYBFu5skfyZNI9i7mGHrx1SeOQdHIxF5n2PbLXR+5YJ:sIbAdtKA91GHrxhsnuQ5YJ
Score

10^/10

qakbot bb10 1671090444 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8