qakbot | 51e596bf543ed0b470a38dc087e4f6c05369dbcdff8a57560c59345ff854ec48

General

Target

26112024_1625_SCANS_SA9050.img
Size

1022KB
Sample

241126-txbleaypet
MD5

e4416680b14ae49d09e1bcc014c3d3c3
SHA1

13d20796c29e07a459581407785411c74b857cd8
SHA256

51e596bf543ed0b470a38dc087e4f6c05369dbcdff8a57560c59345ff854ec48
SHA512

afd083a302559d9d1ea7aac2ab9b2de1ec9ad1c69ea178e0ea13f57fdc2156b99164c4c07af169f7f0eaa09340660bd94524688989869749c29985a52c274e04
SSDEEP

6144:uK/s0aJWn8hdwefY5RAOgiLKefBv3n2JjiCk5c51kltCYEPxPTHmtkYoc0RVfs:xtMwuyJmkupiZiegLxLMKRVfs

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

azd

Campaign

1670515354

C2

136.35.241.159:443

73.36.196.11:443

12.172.173.82:50001

190.24.45.24:995

193.253.100.236:2222

109.11.175.42:2222

92.8.190.211:2222

50.90.249.161:443

66.180.226.117:2222

201.208.139.250:2222

12.172.173.82:22

75.98.154.19:443

24.142.218.202:443

70.77.116.233:443

90.4.193.117:2222

24.69.87.61:443

98.147.155.235:443

83.213.192.136:443

176.133.4.230:995

71.31.101.183:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  ContractChanges/LastUpdates.cmd
- Size
  
  9KB
- MD5
  
  cd723a9d6787523df6fa782b7e45700b
- SHA1
  
  08b05453181fd788345f7e91424a01ac19b30062
- SHA256
  
  43821a8f9a806faf41fc93764cc351a6652089567da1b241308c1c4be163488e
- SHA512
  
  549799367c5210c26147e403d0575c570e821c6d485238afef8547e449a680121bd0e56ad8f21d6d18dca9a164704de76dd4f7e4dc40f68659f6a8ab2fcc2dca
- SSDEEP
  
  192:HIIUro/z3OlzEJTiQbYmp/RI53dC1x60KGLt:tKoSaOupKdCLt
Score

10^/10

qakbot azd 1670515354 banker discovery stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2
- Target
  
  ContractChanges/Pays.bin
- Size
  
  367KB
- MD5
  
  9f59e640b72f0906d798fc11b4cf1d75
- SHA1
  
  993f649c00e44528841ee002d7861391d032c7ae
- SHA256
  
  95d2d427251bd10427f078255981bee74ed39b9fde78e0e7f1fc5c7c38ad4a10
- SHA512
  
  54741643f8e57a7fd80fcf77193633d0b81246b085a196ba8bbac59fe60ecf513814c42e4342194ca2e8ce83284970d156acfb8a72f3dd70bd689efabff85b8a
- SSDEEP
  
  6144:MK/s0aJWn8hdwefY5RAOgiLKefBv3n2JjiCk5c51kltCYEPxPTHmtkYoc0RV:jtMwuyJmkupiZiegLxLMKRV
Score

10^/10

qakbot azd 1670515354 banker discovery stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  SCANS_SA9050.lnk
- Size
  
  1KB
- MD5
  
  16d04c8187b069d1797aef8c4df675cd
- SHA1
  
  61ceaf62715feaa0984f32b91d441e3a2b4e3f35
- SHA256
  
  46c6cf6965e15115ccc624295a8b6b715358f186ac2a77390fd5ebb2eb31e083
- SHA512
  
  49b0bfa71b8acfe2995031976b945e77e8dbeddc476e16929648d9bdd34e1bb43e6e4b8608d7c2db812cc1a75b1f5974d20ce5fd22cc99e01a4f4b31040655c3
Score

10^/10

qakbot azd 1670515354 banker discovery stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot family

Qakbot/Qbot

Qakbot family

Qakbot/Qbot

Qakbot family

Qakbot/Qbot

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6