qakbot | 1c403fd488b70bde681b91a427ccf258d74bc1bd94c4633ed46beb38d60a0691

General

Target

1c403fd488b70bde681b91a427ccf258d74bc1bd94c4633ed46beb38d60a0691
Size

666KB
Sample

220919-ks3dwsdcap
MD5

b887a0d4886ec24a14b175e5fea28ad7
SHA1

1a024539a85a75fc175f6d3b34b5a092ce74f7d3
SHA256

1c403fd488b70bde681b91a427ccf258d74bc1bd94c4633ed46beb38d60a0691
SHA512

f7ffd37e6af04d96bb23552842e7d70e7130dde6c0a99c06cd931abdc3ee985645c057f18205f94065119b0f8816177d16a01c1c115a69dbe7dc1cbff26fac43
SSDEEP

12288:gj13EEe5jhTc9RWV0ukYTO0jZtWo16VZo/2LXf7nj7:gh3CFc9RQhu6Z4o1kZpLXf7nj7

Score

10^/10

qakbot bb 1663241219 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.892

Botnet

BB

Campaign

1663241219

C2

81.131.161.131:2078

217.165.85.223:993

37.210.148.30:995

200.161.62.126:32101

78.100.225.34:2222

119.82.111.158:443

66.181.164.43:443

134.35.13.45:443

193.3.19.37:443

99.232.140.205:2222

197.94.210.133:443

87.243.113.104:995

84.38.133.191:443

14.184.97.67:443

123.240.131.1:443

194.166.207.160:995

78.168.87.170:2222

180.180.131.95:443

41.99.21.248:443

190.44.40.48:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Report.lnk
- Size
  
  1KB
- MD5
  
  b614b226fa53112e744fd3e024e851f6
- SHA1
  
  cdd2d5e1a6a1be72017115613f0d093322c33e42
- SHA256
  
  c56954fddcdf84180b51e6ebc440cc0876ec479e109a2b499c911d64ef97a749
- SHA512
  
  a2341975f1dd9bb89b0c69b92198ab8aa0cf105b7a68668c2f64d4152b660d34aa2f1540f55dcc3c8158b82ad2939bd8309e07dcf676bb568776a005bf493d21
Score

3^/10
behavioral1 behavioral2
- Target
  
  their/becauseWill.bat
- Size
  
  41B
- MD5
  
  803bf9280e8dd7845defe2ba18789136
- SHA1
  
  d11ece280f732170da9c518d4c5d7838829a53d4
- SHA256
  
  56fe16a0f954b5ba1bb3cfc4526be8b6eb06aaf64fdc1b7f8b021a80e4c4109a
- SHA512
  
  8c49b679bf75911946a2c75f2d574a5a341f1b868be0077d844533cdd9782ee8d92c1c39bff979458e25e16bab9e63ca9ecbb37d2574921c5e3ad49ecdfce5de
Score

1^/10
behavioral3 behavioral4
- Target
  
  their/howUp.db
- Size
  
  486KB
- MD5
  
  8f5c7176c7d6918c65709b3473f32e01
- SHA1
  
  6fe72ca7fe4e1ca97e85e08a85debe26a7a8a0fe
- SHA256
  
  c302adb8d4c9b8c95d1df52b076c728c87c68d3b2103a03c9dde156aecf25f23
- SHA512
  
  5727c80f9c067690a1bd84fd24f5fd06731fec45dbd08d97e0c39f925950b5a3495dbf9c73ac461d0452c555293e233276b6bbf665588566a22487e67798d329
- SSDEEP
  
  12288:tj13EEe5jhTc9RWV0ukYTO0jZtWo16VZo/2LX:th3CFc9RQhu6Z4o1kZpLX
Score

10^/10

qakbot bb 1663241219 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  their/thingUp.js
- Size
  
  167B
- MD5
  
  4f6fb9f58861418cb21f8ffaa9916b0a
- SHA1
  
  0acd34b85edb572465411cab1b4219e02a3f1ae8
- SHA256
  
  fd6c4c273f07ba94fd0e98c3a9c790db8d93757fbc7dcbdb2ac3685a7f2a8e22
- SHA512
  
  e4d15b5a2a4b429e0a676e0cfe727ebc2eee6e80f5b03094a00efe60fa12354a70b968a7264ae7278028fe112ebf186645b7a30afc4f78d932e3139e8cb192f4
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8