qakbot | 8b39f258ba72718fc61372c1e986928de5e8cbce02e9c140f79ffc8b9adf8876

General

Target

fbe95e4d58b31a15569d3e4ab057bc47abb193c9afacdda186be51b2c1ac582b.zip
Size

355KB
Sample

230203-mh2qqahg3w
MD5

06ab582bb388446028fedaedaf9f8a25
SHA1

ce0d5b9c6893ff242d5339fa65394b4f4ee175ba
SHA256

8b39f258ba72718fc61372c1e986928de5e8cbce02e9c140f79ffc8b9adf8876
SHA512

2db95cab2fd4f22c644f9d16ed587ab09b71a267cd2c1d32725cb35c6f16db496069d026d931f0e405d6ec37905026f15445692cf004d4550b7a5d435df4a70a
SSDEEP

6144:Xl24EkvxWW0/46opseCraAeVwXIX/Ep9SVEzVEN27aCpkjBYzGOfd+GbEnoEXb2h:4CvxKDopCr+Vw4X/Ep9R77aQ8WjdTFEc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.430

Botnet

BB12

Campaign

1675090602

C2

24.9.220.167:443

92.239.81.124:443

12.172.173.82:32101

162.248.14.107:443

213.31.90.183:2222

217.128.200.114:2222

71.31.101.183:443

81.229.117.95:2222

184.68.116.146:2222

86.130.9.183:2222

92.154.45.81:2222

70.64.77.115:443

24.71.120.191:443

86.225.214.138:2222

86.165.225.227:2222

172.90.139.138:2222

92.207.132.174:2222

70.160.80.210:443

58.162.223.233:443

47.61.70.188:2078

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  fbe95e4d58b31a15569d3e4ab057bc47abb193c9afacdda186be51b2c1ac582b.msi
- Size
  
  384KB
- MD5
  
  bd0ebd840439189cc64af2d0cd0dd130
- SHA1
  
  72cef301ca25db6f1aa42f9380ab12ae2e99a725
- SHA256
  
  fbe95e4d58b31a15569d3e4ab057bc47abb193c9afacdda186be51b2c1ac582b
- SHA512
  
  b6298e66cb903d58b0877a0fe9725a6fb35dc2a304a5d79532d2cbc20ee3d85667fab7cc305baf5c9b612bfed9026f54a9371de72d00eb22964fcc9ff91f9b2b
- SSDEEP
  
  6144:Vn1X0lyS6gYhkJceU2iXT+XYhwNabhXx3r6FiNhRfpwt+42OTTF:V1Xw6gzJceU2khmOC4Nhxpwc6X
Score

10^/10

qakbot bb12 1675090602 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

2

T1120

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

Enumerates connected drives

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2