qakbot | 00a876d2a34b6c54f82fbd775dfd486b1c6c08900a11bd759c23afb76f9e43d6

General

Target

00a876d2a34b6c54f82fbd775dfd486b1c6c08900a11bd759c23afb76f9e43d6
Size

604KB
Sample

220919-ks2scsdcal
MD5

c597207d9a51afe391f433e021cac20b
SHA1

eccb80e4c40ff22e25cbd6bdd98ad8f275e09166
SHA256

00a876d2a34b6c54f82fbd775dfd486b1c6c08900a11bd759c23afb76f9e43d6
SHA512

da685f14ffa092e1781b7c0e1fa98a1bd15a221de433113fcd1f6fe047751b2de74a879ac1ac6722d50930a647d2490f8c8d1a444725db57c399a00c7f324a87
SSDEEP

12288:K1qupWltwUuRQkQrO6qbIE3yM73wUYhiEqfUHW:KWtwQbrXq3ym1GPtW

Score

10^/10

qakbot bb 1663336370 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.894

Botnet

BB

Campaign

1663336370

C2

68.53.110.74:995

70.51.132.197:2222

78.100.228.93:995

78.100.225.34:2222

200.161.62.126:32101

179.111.111.88:32101

41.96.234.120:443

99.232.140.205:2222

105.99.213.235:995

217.165.68.125:993

88.231.221.198:995

193.3.19.37:443

70.49.33.200:2222

31.54.39.153:2078

102.38.97.72:995

119.82.111.158:443

134.35.10.207:443

45.51.148.111:993

186.154.92.181:443

66.181.164.43:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  GalleryF.lnk
- Size
  
  1KB
- MD5
  
  f8949b6f7f843f3f144670318b795574
- SHA1
  
  bdfb504893ffbbe6c62202831d196b7225a4d363
- SHA256
  
  9747c0960d8deff18764df9122d75cd41d5e12368fa13c7ae09715e82c02d6eb
- SHA512
  
  dec67c808258893786954e6e47715d1a03794c267d510b2467d2bc7f8eaefa7d45774553f9bfc75e82cdd29a322f5154000b5c8e07d4eae692ad66396b6b1752
Score

3^/10
behavioral1 behavioral2
- Target
  
  of/becauseBecause.db
- Size
  
  482KB
- MD5
  
  95c72c221343864a3a7d2bcbc03bce98
- SHA1
  
  c7d9e379eb9054092778f06066536f26379be173
- SHA256
  
  c53628e9a3d52b4236269209f57f941231ab89c4cc6c75a57a2abd95430fda7a
- SHA512
  
  d81ea80a10ecb342f204dfcd7384bc5eaa798c4dd30aeb8b756619a5ffa22650a47a2045c6c88bea8050835f1cda51893ecc3285348fe0e00c9fcf6e48559935
- SSDEEP
  
  12288:u1qupWltwUuRQkQrO6qbIE3yM73wUYhiEq:uWtwQbrXq3ym1GP
Score

10^/10

qakbot bb 1663336370 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  of/evenSome.bat
- Size
  
  51B
- MD5
  
  fa04a1c8e30d17acfdf7fe3e28b4b9cb
- SHA1
  
  e76b16782d988e00c24ecd18e6b21a82c51622a4
- SHA256
  
  4b57c7b884ae4768e48bdb90516f8ff254c706c6dc02398d1bb5b6fb6f04b546
- SHA512
  
  9ea1782212979643c25598414d677c2d96d74980d8b5be33cb09776932f7c35b2a3e102743908dc9ad8d42731adeb7923b8c5a4867c8105ef9cdedac753f3a7d
Score

1^/10
behavioral5 behavioral6
- Target
  
  of/fromHim.js
- Size
  
  288B
- MD5
  
  5329532a74b05bbc2b6ecd6ee883bae7
- SHA1
  
  bd9edb36102986d223a00c8616b436df269ed63a
- SHA256
  
  b58427753ca41dbf2bb7dcf9db73c0790d13d7c16b27266f2329ec133beb713b
- SHA512
  
  22397d88ee53674a760f9520bfc2938d696e9f85a6e6ad089a9029181424c8b324a8e10b34041c867d307ff34907c4605e6e15c3a31a240dd02be1223ec60157
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8