qakbot | 8695f495153801f28081375b88a52c4f27d9ab15ca20994d87ab8683ec811383

General

Target

26112024_1618_SCAN_HS2803.img
Size

1010KB
Sample

241126-tr4p1aymf1
MD5

a2e27aff4e4ed39e49e79bb48dcc071b
SHA1

1bd0970d6f83d2d9c34ee7c4b204c9b27f08af94
SHA256

8695f495153801f28081375b88a52c4f27d9ab15ca20994d87ab8683ec811383
SHA512

725e7d845622082a08d342e622ebca66aaf376591af5eac117e2db39040b2d185db8718185547a49b44cfb5c145cec14bd496ba074474e98d3a55edbdd5c8815
SSDEEP

12288:YBZFJonOQg2uym3Fkz1ee5MJ4XpJ5g7x4BdqEz6QQBGPpBi1fDupo:Ef8OQg2uysCV3ZJ4y+Y0BEnwDupo

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

azd

Campaign

1670585125

C2

172.90.139.138:2222

90.116.219.167:2222

173.239.94.212:443

91.169.12.198:32100

74.66.134.24:443

66.191.69.18:995

182.75.189.42:995

78.69.251.252:2222

98.145.23.67:443

103.71.21.107:443

197.94.219.133:443

91.68.227.219:443

12.172.173.82:993

86.176.83.127:2222

64.121.161.102:443

41.98.21.114:443

92.154.17.149:2222

151.65.67.211:443

89.129.109.27:2222

76.11.14.249:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  NewIssues/ChangeRules.cmd
- Size
  
  9KB
- MD5
  
  4f342f73c983bbd54efeb64850e7cb26
- SHA1
  
  617ec602a7c841de920fa991cdb10693cfc1cb3f
- SHA256
  
  49c2bad1ce4e41a86ba06205b1e82b1c813c1559b7c725669439d3d4da7d6fd3
- SHA512
  
  58d3352013c78bced795544e2b4a724fe941c2633278f82b40017714f808f8039026374ef57228adb873c967a9461f54e118da326041f29f42381174f068059a
- SSDEEP
  
  192:Oe2+eD8p/GLgTfCEG1lb1km9R4IloKCjSV:OR/op+LgTf+lb1D+Ra
Score

10^/10

qakbot azd 1670585125 banker discovery stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2
- Target
  
  NewIssues/NewInvoice.bin
- Size
  
  683KB
- MD5
  
  3c359f052ab36b9a2dc3c295065a18a0
- SHA1
  
  eaaa009b3a42ea965dd55d525e38ce40d30e4069
- SHA256
  
  c2818a0dde04b70ce0f01342df88b2d01c2ab0fced4e94fdc1254bf505325bf6
- SHA512
  
  c440d7a35870cb17c0a60d99ec9b9dad0fc226162bbd21c11642d4f66f4c77a44882b5b89fe46628031fdedccdc0f253fcfc0479e934664827dd0745a6152db6
- SSDEEP
  
  12288:2BZFJonOQg2uym3Fkz1ee5MJ4XpJ5g7x4BdqEz6QQBGPpBi1fn:6f8OQg2uysCV3ZJ4y+Y0BEnwn
Score

10^/10

qakbot azd 1670585125 banker discovery stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  SCAN_HS2803.lnk
- Size
  
  1KB
- MD5
  
  03876b25d715b472f0f1b48c55e564b5
- SHA1
  
  289dbf94ac0b682b3b33b6fda91b634c2ca244f9
- SHA256
  
  62dd6f91d0eb2762b9f18045cb7123bc3f3509ae6856acc3a5fea7d1c140e5d0
- SHA512
  
  257ee9b651c20720a39c247fab80339ee1953c1d2afdc2a6681cdd1f2749a0c7165a67ec243a9a9822f8d774dcd49e5570d7aa976528a36aeafd06b449395e65
Score

10^/10

qakbot azd 1670585125 banker discovery stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot family

Qakbot/Qbot

Qakbot family

Qakbot/Qbot

Qakbot family

Qakbot/Qbot

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6