qakbot | 0bbcf926861f0bab4410477493187a89fc7e28b9da5a1bf607c33316f575343f

General

Target

raw.js
Size

15KB
Sample

230526-2m8r6ahh3x
MD5

37f56794fcc202b0568d6005de64fe12
SHA1

11a3e14c1daff0b32af21d071c1593a9fa3f4975
SHA256

0bbcf926861f0bab4410477493187a89fc7e28b9da5a1bf607c33316f575343f
SHA512

85c23a31c25e814ae95f2c6bad29411cc1cec410ddcadac1a47e7d71c81d99342d1db66c57a01ca81e842a20608b3c57be33f2c939a04f306bb406625354839e
SSDEEP

192:72QHFX0ZcX/Cv3gtMMNcJ5+km8ime6C7IRmX/noHnkpgmlyHnlTjYktAcn/kdeD:iYX/voRacJRHwrYmX/YU+AktAikdo

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.1249

Botnet

BB29

Campaign

1685100431

C2

50.68.186.195:443

66.180.234.51:2222

103.141.50.43:995

69.242.31.249:443

173.88.135.179:443

12.172.173.82:465

86.130.9.242:2222

92.27.86.48:2222

88.126.94.4:50000

113.11.92.30:443

12.172.173.82:995

92.154.17.149:2222

92.135.0.154:2222

212.169.233.141:3389

103.123.223.133:443

12.172.173.82:32101

70.28.50.223:3389

47.21.51.138:443

75.98.154.19:443

47.205.25.170:443

Targets

- Target
  
  raw.js
- Size
  
  15KB
- MD5
  
  37f56794fcc202b0568d6005de64fe12
- SHA1
  
  11a3e14c1daff0b32af21d071c1593a9fa3f4975
- SHA256
  
  0bbcf926861f0bab4410477493187a89fc7e28b9da5a1bf607c33316f575343f
- SHA512
  
  85c23a31c25e814ae95f2c6bad29411cc1cec410ddcadac1a47e7d71c81d99342d1db66c57a01ca81e842a20608b3c57be33f2c939a04f306bb406625354839e
- SSDEEP
  
  192:72QHFX0ZcX/Cv3gtMMNcJ5+km8ime6C7IRmX/noHnkpgmlyHnlTjYktAcn/kdeD:iYX/voRacJRHwrYmX/YU+AktAikdo
Score

10^/10

qakbot bb29 1685100431 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Blocklisted process makes network request

Loads dropped DLL

Enumerates connected drives

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2