qakbot | ac738b061845ca506d186c7749080cdbf443f859e2b551dd0402474b2604b249

Resubmissions

22-12-2022 16:52

221222-vdqrnaaa2s 10

08-12-2022 06:58

221208-hrtdgscb7z 10

Sharing

Copy URL

Twitter E-mail

General

Target

ac738b061845ca506d186c7749080cdbf443f859e2b551dd0402474b2604b249
Size

301KB
Sample

221222-vdqrnaaa2s
MD5

d6db716f1e929bca261656a027ad621a
SHA1

49f959f7f1e333b692c9ca0b13f6c714cf134bc8
SHA256

ac738b061845ca506d186c7749080cdbf443f859e2b551dd0402474b2604b249
SHA512

024a8fcaed4507b65a365c93b9d6827411f37734b1507bfff9e539e24593d6aa2e05f1274bdd96ceeccc5142f694de9d8a2fd4ad5c945a61a5c7d404d368408e
SSDEEP

6144:WqtzQRLhxB0+zw5VihOHqdpIbdh7QlTIAXEMR93XXGifhhvKf6Grt9a:xiRLhHzw5ViVdQPobR9nX5hZKCGh9a

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB09

Campaign

1670238005

76.100.159.250:443

66.191.69.18:995

186.64.67.9:443

50.90.249.161:443

109.150.179.158:2222

92.149.205.238:2222

86.165.15.180:2222

41.44.19.36:995

78.17.157.5:443

173.18.126.3:443

75.99.125.235:2222

172.90.139.138:2222

27.99.45.237:2222

91.68.227.219:443

12.172.173.82:993

103.144.201.62:2078

12.172.173.82:990

173.239.94.212:443

91.169.12.198:32100

24.64.114.59:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  ac738b061845ca506d186c7749080cdbf443f859e2b551dd0402474b2604b249
- Size
  
  301KB
- MD5
  
  d6db716f1e929bca261656a027ad621a
- SHA1
  
  49f959f7f1e333b692c9ca0b13f6c714cf134bc8
- SHA256
  
  ac738b061845ca506d186c7749080cdbf443f859e2b551dd0402474b2604b249
- SHA512
  
  024a8fcaed4507b65a365c93b9d6827411f37734b1507bfff9e539e24593d6aa2e05f1274bdd96ceeccc5142f694de9d8a2fd4ad5c945a61a5c7d404d368408e
- SSDEEP
  
  6144:WqtzQRLhxB0+zw5VihOHqdpIbdh7QlTIAXEMR93XXGifhhvKf6Grt9a:xiRLhHzw5ViVdQPobR9nX5hZKCGh9a
Score

1^/10
behavioral1 behavioral2
- Target
  
  RRBD49.vhd
- Size
  
  2.0MB
- MD5
  
  c4c1e58fc9dcc69451b3ec4e9d006a79
- SHA1
  
  652358652355bec9ba5e9c552da4fa34555f25a4
- SHA256
  
  88bc05fa12f48b1775261f8710aef56ca5cb55b9b5331236ef05312dec137c13
- SHA512
  
  65d8f3e6a9f2e1e6d69563495b08904f25450c92b38917993b76e9c520dd8eeb721f01817ad33f53942b587f9c5ea83c25e49e74a99c3c1d5d23a95c6e2087d7
- SSDEEP
  
  6144:3Wsc0+H0LwX/ei0iPlJgQwggr6cAhMtnEbER8wvyRaY4lls1yc8UQw8Mz1fu:mb06cilJy9tnY+yTcm8UQw8Mzxu
Score

3^/10
behavioral3 behavioral4
- Target
  
  RR.lnk
- Size
  
  1KB
- MD5
  
  99c13f13a9ff15fe23be566df534b00b
- SHA1
  
  28a1850d467da6dfe000ec56070ddbff3ebd8f2d
- SHA256
  
  24372ffb6203b0b5baf871d4089a5c2e0a5f7e39bc8681f525c74ab60b52c4a5
- SHA512
  
  4d880757d02b4f5798305cb15643f942ceb1a492c32c2e331c8b45878e03ad0dc33ead2ec68d3e695fe8e3d497922067fe05ec58e712e36f81f154c0d9e76223
Score

10^/10

qakbot bb09 1670238005 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  System Volume Information/WPSettings.dat
- Size
  
  12B
- MD5
  
  cc1ed1dbebcbc6b92675fa8385c22916
- SHA1
  
  e4430a62d84a0540423980f2b8804308492c4f9f
- SHA256
  
  bbfc0c02a88b753ee4d4d41a31c053e8827ce63e0625a4c6fa8b2cf8b1e6bd0e
- SHA512
  
  2cf765f79674312f9bd13188ce20f59b3e03a762f0b47a071d9a76f9a12be068df6ec31d0df9ef7b76a0228b0ea922097980930afbb485b2be6db40fc522469e
Score

3^/10
behavioral7 behavioral8
- Target
  
  mollusks/countersink.cmd
- Size
  
  334B
- MD5
  
  9d6b53c58320a436a8cba81ed2b36578
- SHA1
  
  2b9d3193b70cac52897aef536257f52cf268c47f
- SHA256
  
  19c18ff61c211c419b5bcacfed5b1f8b0dcf9ea4629f1f42c7c96fe791724342
- SHA512
  
  3f7f9ac263947eb287abe2f3698a5d109cb77ea3f52a545a8984257ed2ad0f38d2a92a799522166f1b78eccc724db91d3f0864184634937f66eeb110dfbc3296
Score

1^/10
behavioral10 behavioral9
- Target
  
  mollusks/disembowels.png
- Size
  
  36KB
- MD5
  
  e0cf6dbfc1006717e9a848a1c213bbdb
- SHA1
  
  0d5a03274166907ec0d4d85683b0b171ebe4c6ad
- SHA256
  
  fb24ab1d062cfccfda52cbf5ed8dc6a266eb0599b39036083d5fab5acf664ce6
- SHA512
  
  89c10e7d093f7ef896619ba7a11ce58a78aaa9bf684b442f1d690e60b2fee1f0bfeeb514f4ff8d47edc7246def4994e0d78a1edc6c406adbe62f37cf838b3c81
- SSDEEP
  
  768:ckPkCWBs1t63iWGMFjqyPPw7fIhOlqCPyXv3:PPE6tGvFj+fIhaqwyXv3
Score

3^/10
behavioral11 behavioral12
- Target
  
  mollusks/enlisting.cmd
- Size
  
  242B
- MD5
  
  19d169229401b45456684d6ffb575927
- SHA1
  
  150886349a8c370bfa14ec509dd2c594ecf2d63c
- SHA256
  
  6fbd6bd17bb83f03e1c1fcf1b4054e55bc1d0a29913c07092c378f6eb7a75042
- SHA512
  
  b7547c9519b563e6024101610aaa71a2934fd2de23d396d0e300bbda8d8b1072ceb0d8ccfc78532a85a1f4b347a4765f265775f9f042bbc012861714e381fb3c
Score

1^/10
behavioral13 behavioral14
- Target
  
  mollusks/fondest.tmp
- Size
  
  497KB
- MD5
  
  25f28cb2e56bdbe858e5c82b1fba4d14
- SHA1
  
  6ad8bebc78b0dfc47a894ee516e39eeee810c5f0
- SHA256
  
  96d2f4131542e1b4a6e9bba0bf3807008cb8340e7d247b464fdbebe11031d9e2
- SHA512
  
  7544d384847b7131e64d2c4c0a022b257455d0d2714d9a1f00df11c3cd7ed45917738a98618f4fbccce4c1a3f9541b09f95d7e19f0cd000beec95eb98d99621a
- SSDEEP
  
  6144:kc0+H0LwX/ei0iPlJgQwggr6cAhMtnEbER8wvyRaY4lls1yc8UQw8Mz1fu:D06cilJy9tnY+yTcm8UQw8Mzxu
Score

10^/10

qakbot bb09 1670238005 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral15 behavioral16

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16