qakbot | 23d78ea2962cd50935e51a4d71acc823769fb0b43a34b9654512f33c531ce1e9

General

Target

23d78ea2962cd50935e51a4d71acc823769fb0b43a34b9654512f33c531ce1e9
Size

604KB
Sample

220919-ks3dwsdcaq
MD5

70af32f0250e306d0b87b0c14efd4e2a
SHA1

a3fb3d7d252eb7fca21cd8cdeca9388c3e849998
SHA256

23d78ea2962cd50935e51a4d71acc823769fb0b43a34b9654512f33c531ce1e9
SHA512

890a02576e12d87adc70aeb0875e61651e9728aab281a0c3ed611839c3bc99ad6034f270699ee208d3386b95c28bf7896f87b7f612d9d626d7389e99933f97e6
SSDEEP

12288:p1qupWltwUuRQkQrO6qbIE3yM73wUYhiEqTUHW:pWtwQbrXq3ym1GPBW

Score

10^/10

qakbot bb 1663336370 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.894

Botnet

BB

Campaign

1663336370

C2

68.53.110.74:995

70.51.132.197:2222

78.100.228.93:995

78.100.225.34:2222

200.161.62.126:32101

179.111.111.88:32101

41.96.234.120:443

99.232.140.205:2222

105.99.213.235:995

217.165.68.125:993

88.231.221.198:995

193.3.19.37:443

70.49.33.200:2222

31.54.39.153:2078

102.38.97.72:995

119.82.111.158:443

134.35.10.207:443

45.51.148.111:993

186.154.92.181:443

66.181.164.43:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  GalleryF.lnk
- Size
  
  1KB
- MD5
  
  bc9832f1f69cc0408e4cf012d485abab
- SHA1
  
  0b48b3193bbb95997dbc5381edfeaa79c8b7deaf
- SHA256
  
  5641c1e706f66470417b540f822408dca1ac53f9b700cf9acf44ec9ee26dd0b3
- SHA512
  
  0e41d208d72da0d008a7457057fd4e43788cb264529a0c114a384ed4fd29e005dfbe6da0ab68a6eeb6ce88a8b22b3d066c767a2d88a547107eed239019f3dced
Score

3^/10
behavioral1 behavioral2
- Target
  
  of/allThose.db
- Size
  
  482KB
- MD5
  
  95c72c221343864a3a7d2bcbc03bce98
- SHA1
  
  c7d9e379eb9054092778f06066536f26379be173
- SHA256
  
  c53628e9a3d52b4236269209f57f941231ab89c4cc6c75a57a2abd95430fda7a
- SHA512
  
  d81ea80a10ecb342f204dfcd7384bc5eaa798c4dd30aeb8b756619a5ffa22650a47a2045c6c88bea8050835f1cda51893ecc3285348fe0e00c9fcf6e48559935
- SSDEEP
  
  12288:u1qupWltwUuRQkQrO6qbIE3yM73wUYhiEq:uWtwQbrXq3ym1GP
Score

10^/10

qakbot bb 1663336370 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  of/moreWhich.bat
- Size
  
  45B
- MD5
  
  2a86db8cc4f53c2b3a229d6f06f5134c
- SHA1
  
  72312f171e26cb2bdd0a393c5a8be269e8aa7265
- SHA256
  
  3c57722e926ba1d7c987459edfed0700a329c3baf3c7df3ef622fb08f495043d
- SHA512
  
  04f4088ffe0afbf83ec15528e5d255633d64204fcf3a696280b93f8e2b0f6af3e191d8056a98505b74d13eea2381015eba1ab3c18e68c175a0c782f3b71f5635
Score

1^/10
behavioral5 behavioral6
- Target
  
  of/onlyWant.js
- Size
  
  289B
- MD5
  
  6d6fed3b73241fc86db38f551357ca4d
- SHA1
  
  a91900c5008775d7057061b2ed2fcaca2a6120fb
- SHA256
  
  4442b24d3be3522aa9ac9d7302606fc4364222c9d3d7adaf0dd118da7d6aaaee
- SHA512
  
  a8efe1d8bc84d69644ee122c47452486420e455b5f19dd1a45cde82e42ecc34712c13c14153358f5bf121252acad5d34d8e5eefa95e07f441b4ca7d5a7474bed
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8