qakbot | 1e7b28d02a08d5c7268f623c1acd5c2e9b7bc4cb8195a9cd91afd69519789ee9

Sharing

Copy URL

Twitter E-mail

General

Target

Public#2154.iso
Size

1.1MB
Sample

220920-lpb8zaceg8
MD5

3105b433d3245f71b464809521426c92
SHA1

0344cc3d718b1d561cc192cd8e7908400eb7538b
SHA256

1e7b28d02a08d5c7268f623c1acd5c2e9b7bc4cb8195a9cd91afd69519789ee9
SHA512

a13a451f692ebb2d440b18f5e7f5476f9b5a679ae2a792db332f78f6c25c370808694770ae1782a43cb60781f381b4dd8400a813084f77ed50355491be73219d
SSDEEP

12288:wDHykY4XA+Tdb0guWIUjoxRxus7grz1yqpn0CgB3gLYFvknxByn5I117KcU4Mxn:wDHykYrCG5b2ofd7grzZ5093QMOQ5iM

Score

10^/10

qakbot bb 1663570298 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.894

Botnet

Campaign

1663570298

70.49.33.200:2222

66.181.164.43:443

109.155.5.164:993

99.232.140.205:2222

78.100.228.93:995

64.207.215.69:443

134.35.13.201:443

86.98.156.218:993

119.82.111.158:443

193.3.19.37:443

177.255.14.99:995

68.224.229.42:443

190.44.40.48:995

187.205.222.100:443

41.97.76.61:443

41.111.77.115:995

196.64.239.93:443

100.1.5.250:995

194.166.205.204:995

88.232.207.24:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  PublicItem.lnk
- Size
  
  1KB
- MD5
  
  83d4bab4e43cde185d10ff62b3368341
- SHA1
  
  339747d844766227d7ba713427af4e2efb7de190
- SHA256
  
  5bd9afce5aadf696d1c3f79451177c772d0df7d1e4c0e43219e320613aa69fc6
- SHA512
  
  4053c9b7603f186cb0e76aabbf582e96c4504e291f72be3e6ae73e672c3c3ed54fc643a40ffc172a936721d92e067fcefeb1a7f81fa5aa9bd5193b41ad91034b
Score

3^/10
behavioral1 behavioral2
- Target
  
  democratization/cachedSkullduggery.cmd
- Size
  
  50B
- MD5
  
  0339193fe89a8734ff93dc8ae9d0ff4e
- SHA1
  
  d6be5c96e84c80339d2b18a79ffe19b185a42a02
- SHA256
  
  c093c6dee8f41f25797092770c9fa2eb9bdbf79be8d848b8a02d26165b09822b
- SHA512
  
  4984482d91ccc79745c05cc40c58ce05328e09965a2fc6e4ae3eebb8f951f8b9f7e90461f2f7efa23327d9973a7f34edfb9dd3045ad279a74be8f360c1ebc865
Score

1^/10
behavioral3 behavioral4
- Target
  
  democratization/peninsulasBunchiest.js
- Size
  
  228B
- MD5
  
  f8216f35a7d6bf5fc0c257f6245a75c1
- SHA1
  
  1b0156be287efb730a280218a612f65888240e74
- SHA256
  
  6bad69fb02908f33760f0affbdece6c2efe6261975cdfbcea437d1ae3f1ca3d7
- SHA512
  
  10b7d41a06450a9f164d3f108add3e1d8a4b06cb1a3a3cd06b11d120687bc4257e4cca16a582702d7535a9a0d95afeb78bfe22b22f2a004c6367df49f836b6a2
Score

3^/10
behavioral5 behavioral6
- Target
  
  democratization/wrestle.db
- Size
  
  806KB
- MD5
  
  665a19143949121b401c8ecdc6c5f6e2
- SHA1
  
  d2ae17106355a04defc3df935ea5ec0deae59546
- SHA256
  
  e2cf414871e798f430eb9e54ae5d955b6ada4315b3af7418d209ac887028427f
- SHA512
  
  edf5f8d874a2e42d2a453fb7dea0810226ac0d0f7ce34947e9ff4b958d3c4e4be61855dcb0a1a5a7daf9a4ffb34c2a959bad04b4ee3064f9c74b93077c2ab77f
- SSDEEP
  
  12288:+XA+Tdb0guWIUjoxRxus7grz1yqpn0CgB3gLYFvknxByn5I117KcU4Mxn:5CG5b2ofd7grzZ5093QMOQ5iM
Score

10^/10

qakbot bb 1663570298 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8