qakbot | 4fc1e0118459e693583c91ef043f35ac334d2abb299b9f90438cf5186299a651

General

Target

AnalyticsDO#639834.iso
Size

1022KB
Sample

220916-rwva1sbgaj
MD5

10bc318e30efa5db3b44148038889199
SHA1

e4de38eec8c90b42bec1af48abdd5da5edb84adb
SHA256

4fc1e0118459e693583c91ef043f35ac334d2abb299b9f90438cf5186299a651
SHA512

21a6c55bb615426e50f716d81102931e140c99281f0ae70a52fed9271d02af08a8e75e7ae1e307be661e30eaf1eb30f061ec2eaa5fa64c6a4695b7ae102ab314
SSDEEP

12288:fkkiAYQjSOklPGSTHmI6S9+XruiCtDhBCaATfT0sBkPzXTwnm1cQ47glckpPWUJC:NdhSlNKIybLKFBC1jNRZVdobrJLNMJx

Score

10^/10

qakbot bb 1663323048 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.862

Botnet

BB

Campaign

1663323048

C2

200.161.62.126:32101

70.51.132.197:2222

78.100.228.93:995

78.100.225.34:2222

179.111.111.88:32101

102.38.97.72:995

217.165.68.125:993

193.3.19.37:443

70.49.33.200:2222

31.54.39.153:2078

99.232.140.205:2222

119.82.111.158:443

134.35.10.207:443

45.51.148.111:993

186.154.92.181:443

66.181.164.43:443

41.96.56.224:443

88.231.221.198:995

76.169.76.44:2222

68.53.110.74:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  AnalyticsDO.lnk
- Size
  
  1KB
- MD5
  
  929f9e314f83d2fefcc5f7f44633614a
- SHA1
  
  570b999aad93b12fbe0857d11ac811da9e1442fb
- SHA256
  
  afd61574fae761a1e24e54a0475d9d49183488e160e9ab5832feac1713c0643b
- SHA512
  
  e9bbf7f045329ca98756e896177b3cb71291e74f376e0a5a04bd81aaead6b4d294748effdd62c2c352b000526b9f4c2fa54fe098195f179cc3be81eb253d4f6f
Score

3^/10
behavioral1 behavioral2
- Target
  
  now/newFor.db
- Size
  
  961KB
- MD5
  
  5f85b4cd792d6e3e2c11a7dba359a644
- SHA1
  
  a77eb84fe77aea8e7dc9d75167afb2f79282679e
- SHA256
  
  e716e9111e87e2f1cab16631ee561812cbf3b1c83c788ba5d293675d0959a190
- SHA512
  
  1e1d1704a82bbda2a06fd304dec2b1d477f90230eb38de2158d1c9e37ffd436ac875084d2d9aca403154519743bb4df1e3dc45f2cfd74aa6cf2c7b7100310b68
- SSDEEP
  
  12288:AkkiAYQjSOklPGSTHmI6S9+XruiCtDhBCaATfT0sBkPzXTwnm1cQ47glckpPWUJC:adhSlNKIybLKFBC1jNRZVdobrJLNMJx
Score

10^/10

qakbot bb 1663323048 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  now/onlyFrom.js
- Size
  
  186B
- MD5
  
  1767446ada4f764e12bb56c78e689e20
- SHA1
  
  3356b26b0cace65462d8e6efcd1d5a3704f8374a
- SHA256
  
  99a4f4e897e19ff2e3efdc790a65bc5b8476c5d287d8eb77a7f8557e684e2bca
- SHA512
  
  fb07e136ebdacadf5840327909590772ec80f7e87c304229d8eb73088d2490b84fc5eabac18bd4b1c589c53cdac5b36d8dcdaa8708acb1b11498dd221a15dc83
Score

3^/10
behavioral5 behavioral6
- Target
  
  now/thenThose.bat
- Size
  
  40B
- MD5
  
  2b2faac8b6f22d72eb372c85d66b017f
- SHA1
  
  9f380b42850ca4fdbacf9bf90d3af44a96cfa632
- SHA256
  
  418e9b24e74ec0d1372803c0eb970a3565251bdbce70f0a8947c38e9ffc55138
- SHA512
  
  bad46fe38410d951860680f5e0c8140e83fbd11e89ffac5c2cbf0f51977ba671163a60b43acbb9d36428fc311089b886d6ddb96912af05a1c0b89cef51007162
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8