qakbot | 5f48cc6c72b98dcf70d4fd73ec5a4494a0e9278f31f28780032940f78ebe2acb

General

Target

AnalyticsDO#132937.iso
Size

1022KB
Sample

220916-rb18tsbffl
MD5

5462eb1e744e0de47deab75f2a48a859
SHA1

c4ae1af6fab3bb0d895220a8869ffe0257990f18
SHA256

5f48cc6c72b98dcf70d4fd73ec5a4494a0e9278f31f28780032940f78ebe2acb
SHA512

ccddea08e507606a2a3060476ed4ed901022c11d7e987c59c699b0fe06f803b424430a21cf1f0b597197185be7e88cdc301bb039fcfead19f935c20b4c0157c7
SSDEEP

12288:/kkiAYQjSOklPGSTHmI6S9+XruiCtDhBCaATfT0sBkPzXTwnm1cQ47glckpPWUJC:tdhSlNKIybLKFBC1jNRZVdobrJLNMJx

Score

10^/10

qakbot bb 1663323048 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.862

Botnet

BB

Campaign

1663323048

C2

200.161.62.126:32101

70.51.132.197:2222

78.100.228.93:995

78.100.225.34:2222

179.111.111.88:32101

102.38.97.72:995

217.165.68.125:993

193.3.19.37:443

70.49.33.200:2222

31.54.39.153:2078

99.232.140.205:2222

119.82.111.158:443

134.35.10.207:443

45.51.148.111:993

186.154.92.181:443

66.181.164.43:443

41.96.56.224:443

88.231.221.198:995

76.169.76.44:2222

68.53.110.74:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AnalyticsDO.lnk
- Size
  
  1KB
- MD5
  
  ed9ea26e8b76d9a5c448e46e759f8ee9
- SHA1
  
  8f9c069f973c5ac50dd8122c3e32ef30b7c7ab3d
- SHA256
  
  c0d26647274da09d6818a4d302dac242f560796533eb0d6c37a2817a795c89fa
- SHA512
  
  95e700dde7a186c1a71838ce83647213340b9e38b4cd5146a51d526b24ce67efbde67ed93c2f9d64f2ba1a51508a88b08693f8fe02f03abfabce4b6a985fcd03
Score

3^/10
behavioral1 behavioral2
- Target
  
  now/atHow.bat
- Size
  
  40B
- MD5
  
  2d1447210479ed56f0ddf5c902474a2e
- SHA1
  
  ba3f3586c4a3ea2ca7642724d75899b9c6501d63
- SHA256
  
  95e7e5cd60052638341d262cbd2a363c62d1cf65b44af958483fd201bd8057bb
- SHA512
  
  b3401480017fe09011132850f2accd425d18a65dc575b9185ddc2529f5fcdd1aaf6a5d04f6576888d40573ae314e6c74158688dc91f6f8da65ac9e1313d71a62
Score

1^/10
behavioral3 behavioral4
- Target
  
  now/someWe.db
- Size
  
  961KB
- MD5
  
  5f85b4cd792d6e3e2c11a7dba359a644
- SHA1
  
  a77eb84fe77aea8e7dc9d75167afb2f79282679e
- SHA256
  
  e716e9111e87e2f1cab16631ee561812cbf3b1c83c788ba5d293675d0959a190
- SHA512
  
  1e1d1704a82bbda2a06fd304dec2b1d477f90230eb38de2158d1c9e37ffd436ac875084d2d9aca403154519743bb4df1e3dc45f2cfd74aa6cf2c7b7100310b68
- SSDEEP
  
  12288:AkkiAYQjSOklPGSTHmI6S9+XruiCtDhBCaATfT0sBkPzXTwnm1cQ47glckpPWUJC:adhSlNKIybLKFBC1jNRZVdobrJLNMJx
Score

10^/10

qakbot bb 1663323048 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
- Drops file in System32 directory
behavioral5 behavioral6
- Target
  
  now/wouldNew.js
- Size
  
  182B
- MD5
  
  b92bfb7cf2554aeaaf4f8eae453113bf
- SHA1
  
  4ac24b440907c69f07f7e18edb8d01ea1dd86ede
- SHA256
  
  6d87255ae4699a8b661c98f41bed7e17299fe51c41312c999449492f8f96e202
- SHA512
  
  b1d6aa64ba4b9d9c65f2c206aba46f3c5882a1ca80b9ce7a0e05967d54cf9dfb64233fc423ba4628c04a9bd3886522f94ecd6be0facfeac7f07ebc189b75ea30
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8