qakbot | 97685d20d5781617bef7433b9137ce4a58c5318969bc67e1457100cb46a839a1

General

Target

Gallery#2072.iso
Size

604KB
Sample

220916-wjtwyacbaj
MD5

293e1438d12b33fa40a9c2b7b6bf1829
SHA1

c420cebfee9461de2e72bedd3333457af0f33f96
SHA256

97685d20d5781617bef7433b9137ce4a58c5318969bc67e1457100cb46a839a1
SHA512

189194c1b2e730594e0b3e459fc0ac22e4395021a63c37f160c87e3429dc6429d2623e0433fa4507ad35da68fd317650cb66e93730f32a107ca5c3d1edb6e2cb
SSDEEP

12288:G1qupWltwUuRQkQrO6qbIE3yM73wUYhiEqBUHW:GWtwQbrXq3ym1GPXW

Score

10^/10

qakbot bb 1663336370 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.894

Botnet

BB

Campaign

1663336370

C2

68.53.110.74:995

70.51.132.197:2222

78.100.228.93:995

78.100.225.34:2222

200.161.62.126:32101

179.111.111.88:32101

41.96.234.120:443

99.232.140.205:2222

105.99.213.235:995

217.165.68.125:993

88.231.221.198:995

193.3.19.37:443

70.49.33.200:2222

31.54.39.153:2078

102.38.97.72:995

119.82.111.158:443

134.35.10.207:443

45.51.148.111:993

186.154.92.181:443

66.181.164.43:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  GalleryF.lnk
- Size
  
  1KB
- MD5
  
  fb93b9665fea513fc0397e414c27047b
- SHA1
  
  bd6f26837bc0d9484661350e82efcee1e0b225a6
- SHA256
  
  d5794d0e9a15780d72b90385064b9dc65ca91f8ab9e1afe014f4c5c8316ce0fa
- SHA512
  
  6aff08f0f2659b500cc81a2bb61c8afc924fc8dc758e36fbba5527c78e879d893d012c871cf76105da629f3d11ebf6e2a3611dddefddba8a613e5b79b7db8605
Score

3^/10
behavioral1 behavioral2
- Target
  
  of/howEven.db
- Size
  
  482KB
- MD5
  
  95c72c221343864a3a7d2bcbc03bce98
- SHA1
  
  c7d9e379eb9054092778f06066536f26379be173
- SHA256
  
  c53628e9a3d52b4236269209f57f941231ab89c4cc6c75a57a2abd95430fda7a
- SHA512
  
  d81ea80a10ecb342f204dfcd7384bc5eaa798c4dd30aeb8b756619a5ffa22650a47a2045c6c88bea8050835f1cda51893ecc3285348fe0e00c9fcf6e48559935
- SSDEEP
  
  12288:u1qupWltwUuRQkQrO6qbIE3yM73wUYhiEq:uWtwQbrXq3ym1GP
Score

10^/10

qakbot bb 1663336370 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  of/inHe.bat
- Size
  
  44B
- MD5
  
  e87754a1704ac08be66945965c26ef05
- SHA1
  
  a686cf071043ee8c5a6851ad8820496860cdc396
- SHA256
  
  5418eb6989cab253a70addc1a40f162be265e3771e73aa03a8b193c09f84c612
- SHA512
  
  fed5ae2cef4b493304ead08a152dc3ba0e95097e7ee47fc1cbbeb70de2daa276c999985e2b2a7eb50d43d6720079b3dd36844e414a117d8009b560a63dee0170
Score

1^/10
behavioral5 behavioral6
- Target
  
  of/thereCome.js
- Size
  
  284B
- MD5
  
  d11550ba27c24537c67d7e5a383e3a15
- SHA1
  
  ca22708bb9c8274d3468fcceafd487ff0e69514f
- SHA256
  
  5e6136291b901112762d2168b49c8b257d69df8c6f1faf225bb8adbeb9eb61a9
- SHA512
  
  eae694d13241ac7cf4a60c91294dd39311b46a429d2330f62f6398160a037930c298f8c9045a48e907edab8f65f47ac0e5d766bacf11c0f3d6acc5123af71f3c
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8