qakbot | a4020391b5400315217782b3bfeb4b5c475369bb6950548d09aafd48558edf2d

Sharing

Copy URL

Twitter E-mail

General

Target

7d1d7d196b3932e4e3e7cc1159f0e3ebab252f6a5f1ed6000f78d2133052a0de.zip
Size

425KB
Sample

230120-zw1rsshh33
MD5

2f9b738e456b19003247e663755a4dc4
SHA1

4c5a0cff232b4a484a6e67ec8f16cbb7a5a1ab60
SHA256

a4020391b5400315217782b3bfeb4b5c475369bb6950548d09aafd48558edf2d
SHA512

9ba2f60866ff685dce33fcb945fd4d8aa1aeec69ec06da2d878f9e22c654371928bd660dafa9e95560bf5ecc9dcd22f26a3c96eac13847cf9bfa4ef99a3e4c4e
SSDEEP

12288:XNBsR1wGXZGUOWnZdY1cex4x82mMdQHIcjh:9GAWZGqZdYNCx8EQHBjh

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB08

Campaign

1669628564

98.147.155.235:443

85.52.73.34:2222

75.158.15.211:443

2.91.184.252:995

92.106.70.62:2222

85.152.152.46:443

86.159.48.25:2222

217.128.91.196:2222

92.11.189.236:2222

83.92.85.93:443

2.83.62.105:443

93.24.192.142:20

76.20.42.45:443

24.64.114.59:2078

73.36.196.11:443

130.43.99.103:995

172.117.139.142:995

100.16.107.117:443

12.172.173.82:22

176.151.15.101:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AFL27.iso
- Size
  
  742KB
- MD5
  
  638f6bca78675365d31e3903b1f2756a
- SHA1
  
  d9dd05f79fe4a844f37e64e05b7cc4dbc091c120
- SHA256
  
  3da1cb0608f3709bf1331c4088fb258daf0200740b9b67afc6eec68a7f4b111a
- SHA512
  
  ee5e3359e745caed4bd6316dc73ccec87b7c6c2fa87721f4201af0c94879957232d0d9c5936452005f09c15f216deb2f85ba1f91a33ba7628dd42c04b3147fd4
- SSDEEP
  
  12288:DNym1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMznGBRA4cZDgNIg:DNJMFEO6dHvDe0P335EXpUNSleQ2cYcn
Score

3^/10
behavioral1 behavioral2
- Target
  
  AS.js
- Size
  
  9KB
- MD5
  
  b6377f4364852191e440269dc0225850
- SHA1
  
  4784a7c288fbffaea4e5c10cfc2da208578977a2
- SHA256
  
  d0f396309db14bbe988e8ae6ba6dfb4451fc9db830484dcb7dec830b74d8467a
- SHA512
  
  302ab00ac77e86b3448bcf7affeb5e127e606d977556af0da17d211b816bc00b2d54643ceacf219f2c4be6532781e1d64db31d4a307ae822f9b70dc1617da7db
- SSDEEP
  
  192:CSLj5Uravgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5A0:N5Kk785UIhp/KTMhSeYmn2jiu5EjP+rV
Score

10^/10

qakbot bb08 1669628564 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  peseta/data.txt
- Size
  
  630KB
- MD5
  
  58329a65cac27867d2777390f4eac0eb
- SHA1
  
  a44b4f6d076498b6bf42dbf1a8a805f4570e7c04
- SHA256
  
  9a6a43b0cdd989c911896933202401b848d2502db0219632f3aaa04a2e4687a4
- SHA512
  
  8bde8e1c678a516abb67f4bfb6bc314477014123b4bab3e9c3d13e1e9e4e5dfd37e407b4c4c939b270234419f367d7a1e26a605770620312d1d0fe27ca5980b5
- SSDEEP
  
  12288:Im1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMznGBRA4cZDA:rMFEO6dHvDe0P335EXpUNSleQ2cYcGLx
Score

1^/10
behavioral5 behavioral6
- Target
  
  peseta/flours.js
- Size
  
  9KB
- MD5
  
  b6377f4364852191e440269dc0225850
- SHA1
  
  4784a7c288fbffaea4e5c10cfc2da208578977a2
- SHA256
  
  d0f396309db14bbe988e8ae6ba6dfb4451fc9db830484dcb7dec830b74d8467a
- SHA512
  
  302ab00ac77e86b3448bcf7affeb5e127e606d977556af0da17d211b816bc00b2d54643ceacf219f2c4be6532781e1d64db31d4a307ae822f9b70dc1617da7db
- SSDEEP
  
  192:CSLj5Uravgx685UIhpHKbP2KTMhS0OGYm9lWVjAvNzAWM5Evk7MgG+r5A0:N5Kk785UIhp/KTMhSeYmn2jiu5EjP+rV
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8
- Target
  
  peseta/gratiae.ps1
- Size
  
  367B
- MD5
  
  5479e1a9617b0222d0a8f001c63fb23b
- SHA1
  
  0c5428239a418c8586d1699adafeb2bddb0f8c95
- SHA256
  
  e6f4fe47c6e08c3b995b5e69efee09a853426607d64715bb1cf215640f785d58
- SHA512
  
  7bc5e090fbabd4746c1a075ed4d7bbfbdb4e0a235ff8c1be5e8257d5daf4f3e22a3f04d25d21108446a684cc7371eea6882d3c1d855a3c12e868a2e8d01d4ffa
Score

1^/10
behavioral10 behavioral9
- Target
  
  peseta/opalescent.jpg
- Size
  
  26KB
- MD5
  
  e5f0f548e522f0ae14c10f7cf6d41b54
- SHA1
  
  c8271a2b42226a45b9c70137f1bc69b432b6e65f
- SHA256
  
  5fe310354508efaf34d2da0af9b1c2e61e6b1d785698f7ca98fb85ed1a565618
- SHA512
  
  cfefce9b846979d5b1f5dcc5cbae5709073dfb81928e85fc763f267cceb74a3602c8255575b847fceed9b45d667632f880b8c0fe3e29723321db7b5369936ab4
- SSDEEP
  
  768:L3AonmQfsXxbWpb+3GpKzdJlVwej22gyUjR:bAOmQfDbeeK9OeayUjR
Score

3^/10
behavioral11 behavioral12

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12