qakbot | 5b40b8f968e30a704254f31197f7530c59ea26e81de2d32e6678f18d227645f3

General

Target

REPORT_UC0494.img
Size

886KB
Sample

221226-tzeqvadb63
MD5

aead8925d3789849b04ccac17961421d
SHA1

93c8aa611cbb904b47d818a1d865c606142cedd7
SHA256

5b40b8f968e30a704254f31197f7530c59ea26e81de2d32e6678f18d227645f3
SHA512

05beccf07e023ea8708ff36fb6d53659a5930122dc52172b329e0bda27c57ca5cd2fcff872a86afb6452d2548777b068295aba822943fcf61b3c810875397011
SSDEEP

12288:zJGwvTfCMf8rVomRle7XBr4fi7wDqo4TARMhxMrFND648j4xhT6TljE14/gD:zY5rVtcsfi7wDP4TAR0sFN+Uxrj

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.62

Botnet

azd

Campaign

1671805456

C2

79.77.142.22:2222

70.51.134.110:2222

156.217.79.168:995

93.156.98.4:443

108.6.249.139:443

89.152.120.181:443

152.170.17.136:443

83.248.199.56:443

136.35.241.159:443

72.200.109.104:443

84.113.121.103:443

38.166.41.88:2087

173.178.151.233:443

85.72.107.2:2222

91.254.132.23:443

195.198.103.184:443

96.255.66.51:995

178.142.126.181:443

176.142.207.63:443

199.83.165.233:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  REPORT_UC0494.lnk
- Size
  
  1KB
- MD5
  
  92b2484b9337cc95c77121cf4e081e86
- SHA1
  
  b07ca6345790ef0314dc7fdb6bb2ef6b89b2115d
- SHA256
  
  475aedc837bd052b31fc8aa65cc5d9a2fb41b077c307ec28ab51ce9fd84037a6
- SHA512
  
  e13f3c51c71130b5f8477b2d398592fcaed1be89e4f1cb0db8f79fd3dfb1067b418c5862fe5321fb3229eeb5d750e09ea6415b7727ce05dcc41e9bd324530e59
Score

10^/10

qakbot azd 1671805456 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  UpdatedFiles/NewFiles.cmd
- Size
  
  11KB
- MD5
  
  d6d9e42b32b43b39f45335322ffd1552
- SHA1
  
  f28e8fe4faf2d374df3488f27d01fdaf44d0b776
- SHA256
  
  35711a9125d3e9601785f1f108383879c2263b15fc1628594884c92f7ddfd968
- SHA512
  
  4bcb3db3cab427ef036eb99cc5404dfb05f1a585f843cd79fa9ff38bb132572cd15bec22c54767ec7296f9375c183dbfd32e7d1b4e256203a374eb51320a7341
- SSDEEP
  
  192:0JpPgHxipTFAFTijVD3E6NHJbU9dnGUrBp3EK/O4uAuR/bDGevK:0IxKTkOjtrNHJEdnGqp3vgAutDGX
Score

10^/10

qakbot azd 1671805456 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  UpdatedFiles/NewInvoice.sm
- Size
  
  817KB
- MD5
  
  7f1ec89288b47335f996b50907bc5280
- SHA1
  
  dc58e0658fdd33a00e9699acbad6fdeb15daf1c8
- SHA256
  
  670cb4fded7498acfb990704b499cba6907bc279341dd7302ac526b715462c9f
- SHA512
  
  77b008ac80f995bcb102ddac715724928d56c8dd41bff1c1f0109e3691942637a0a592deb892e5c9d6ab866c1a3b07a91218d85a60496baa132a9ed23ed19f6f
- SSDEEP
  
  12288:JJGwvTfCMf8rVomRle7XBr4fi7wDqo4TARMhxMrFND648j4xhT6Tl:JY5rVtcsfi7wDP4TAR0sFN+Ux
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6