qakbot | 39fa5847eb9c839df98eb1a8bbc49a2cdad1a311e7d24e6c33b27ada71a4d8ac

General

Target

MainReport#423213.iso
Size

806KB
Sample

220915-tdfe9aded5
MD5

c8f03fc03bec5f21d3398b141e9c9b27
SHA1

a58cb0356b04773aac73768c8746d185cef0b7ea
SHA256

39fa5847eb9c839df98eb1a8bbc49a2cdad1a311e7d24e6c33b27ada71a4d8ac
SHA512

a728615ded75b24607503df8f04970a0cbc1a6647ac75d2e906920e2fb987ada7ebca52feebed4a0a76ed1b6006c9237cf373107dd27ed3b6194925ae1d0bba3
SSDEEP

12288:NOSe1J015+z6oZZdf/zxY5lbV6hJ84Q7yLCgsyP4bXfZ9i:Aj1y5+z6oLdzxmkf8eTsc4bXfZ9i

Score

10^/10

qakbot bb 1663241231 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.892

Botnet

BB

Campaign

1663241231

C2

81.131.161.131:2078

217.165.85.223:993

37.210.148.30:995

200.161.62.126:32101

78.100.225.34:2222

119.82.111.158:443

66.181.164.43:443

134.35.13.45:443

193.3.19.37:443

99.232.140.205:2222

197.94.210.133:443

87.243.113.104:995

84.38.133.191:443

14.184.97.67:443

123.240.131.1:443

194.166.207.160:995

78.168.87.170:2222

180.180.131.95:443

41.99.21.248:443

190.44.40.48:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Report.lnk
- Size
  
  1KB
- MD5
  
  4acde783f7f9d0de460aca50bba34143
- SHA1
  
  38ac1196a0a6ee61e3ef13121f69c12c4ffb2fe3
- SHA256
  
  a247d2ec0c4065ff35e98f530d1d32323920a30e86c5ab6c437a00f3041defc6
- SHA512
  
  fd981b58638e5b8e247df55d0b8288aaeeacc59bcdae42641110c1a9f4b4958027a9b930e073c2df042422400cc474e6099c9ba25b938996ae86965496172e70
Score

3^/10
behavioral1 behavioral2
- Target
  
  well/forWhat.js
- Size
  
  137B
- MD5
  
  5f7b6611c2217516295c8c4b4740d6ce
- SHA1
  
  f686a439e8267de68a9e80fd0aadc6574147fa35
- SHA256
  
  2e92a9a36153ccc228beb3f3deecacf51398f1145b97928c7817194000ccf005
- SHA512
  
  2976095f9bb36fc2926da891a7600475d390ba234934f936c515053b998cc52238ea10f179c1cc383fb9b07f53924e69bd727fb3d47e79e18ac34617de50cb5a
Score

3^/10
behavioral3 behavioral4
- Target
  
  well/manWho.bat
- Size
  
  40B
- MD5
  
  85ec1bf3ad3dddf1cf55f10a0ac132ae
- SHA1
  
  2c6f1d2028a47fa3aab2c96c2f49e48662e9739f
- SHA256
  
  ff3ca47e30e95b017c1e1839eef0762a64710c85579c6fbdc0a30780c694cf9e
- SHA512
  
  d498555791367c3fa3bec03a8772544afbe8f6271b1e85d85d2cc6e55e59fb1cccc461d1b1bc7205a1d9cec11b80623d0b882c284cab72f89c47139f9d99c8b0
Score

1^/10
behavioral5 behavioral6
- Target
  
  well/thoseFor.db
- Size
  
  639KB
- MD5
  
  baa6798c1674853f7dcf003b78ee79ed
- SHA1
  
  33ac6d3c9c7f82544acf9bc6785dd93346066811
- SHA256
  
  01cd0c3b1d2de2223fc32d6f96ed98d198c207c19ae6cf4b22ee5af556c40f31
- SHA512
  
  65757e3c02a1afb9fccb9a50b138bc811cddde2750cb104b9473e5b79bb52fd29ec9f9abd01bc0fe238005a0fcce681e96153e0d2ec80cc526ffc8d2db179db5
- SSDEEP
  
  12288:GOSe1J015+z6oZZdf/zxY5lbV6hJ84Q7yLCgsy:9j1y5+z6oLdzxmkf8eTs
Score

10^/10

qakbot bb 1663241231 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8