qakbot | 284f0fabbdfc1172cb1cbf74473321668c4b31789d93158669f6735bec124817 | Triage

Sharing

General

Target

d.gif
Size

667KB
Sample

230201-n6c8psfa3t
MD5

14e10643eb6346b995517d1c1a6de52d
SHA1

e902c68a65b38eb099289b890f055c60d2733010
SHA256

284f0fabbdfc1172cb1cbf74473321668c4b31789d93158669f6735bec124817
SHA512

5621e57ac77fdc47b5898f3a87d43d556bcc215ec33351f225d38e514992c92d66041bdfb55c77c2f127ea9b49b9a2a6fc6e1010d563efaaf24161712027ef5b
SSDEEP

12288:ubjQRl3iZwl3JBrySD9CkkqC28DWl0RJK2LgAN4c1DZx+vaPpsnRlZ3+u:uHWZiZCCMCkkbRDeSjcjc1DZUyBsRD

Score

10^/10

qakbot bb12 1675243711 banker persistence stealer trojan

Malware Config

Extracted

Family

qakbot

Version

404.438

Botnet

BB12

Campaign

1675243711

C2

12.172.173.82:2087

95.94.41.77:2222

73.22.121.210:443

200.109.207.186:2222

75.143.236.149:443

69.133.162.35:443

197.148.17.17:2078

82.36.36.76:443

27.0.48.233:443

90.162.45.154:2222

125.20.112.94:443

150.107.231.59:2222

91.82.5.101:443

217.128.91.196:2222

73.161.176.218:443

50.60.157.175:995

190.199.188.186:2222

93.147.235.8:443

183.87.163.165:443

82.121.195.187:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  d.gif
- Size
  
  667KB
- MD5
  
  14e10643eb6346b995517d1c1a6de52d
- SHA1
  
  e902c68a65b38eb099289b890f055c60d2733010
- SHA256
  
  284f0fabbdfc1172cb1cbf74473321668c4b31789d93158669f6735bec124817
- SHA512
  
  5621e57ac77fdc47b5898f3a87d43d556bcc215ec33351f225d38e514992c92d66041bdfb55c77c2f127ea9b49b9a2a6fc6e1010d563efaaf24161712027ef5b
- SSDEEP
  
  12288:ubjQRl3iZwl3JBrySD9CkkqC28DWl0RJK2LgAN4c1DZx+vaPpsnRlZ3+u:uHWZiZCCMCkkbRDeSjcjc1DZUyBsRD
Score

10^/10

qakbot bb12 1675243711 banker stealer trojan persistence
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotbb121675243711bankerstealertrojan

behavioral2

qakbotbb121675243711bankerpersistencestealertrojan