qakbot | 7c32fe586adcc55d0b9b4a2944d22a8c5cb29894ef1ea6f30b074a2b1588c422

General

Target

Learn#4691.iso
Size

562KB
Sample

220920-q9tqzaggaq
MD5

c0f6d661aa433a6451832401b1f58fe4
SHA1

021beea6edea4f232f620b4a9cb3d300cb6e97a4
SHA256

7c32fe586adcc55d0b9b4a2944d22a8c5cb29894ef1ea6f30b074a2b1588c422
SHA512

e495c471bedf264e7fca0d862dc9effb233bedfba28089463e445f07283460250f9620425b0bd5e5122e1c770d518c56f9593ee381019f40f097b56d922a9efc
SSDEEP

12288:dOlHAw9wvOVwZwGxaDf9jruGCgT1tOFUEc0/3yFHiyNbzezVM:wHAw9wqwZwAaL93rh4FUEbKHVZex

Score

10^/10

qakbot bb 1663658394 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.894

Botnet

BB

Campaign

1663658394

C2

66.181.164.43:443

181.118.183.123:443

88.245.168.200:2222

70.49.33.200:2222

193.3.19.37:443

99.232.140.205:2222

110.4.255.247:443

134.35.9.144:443

89.211.217.38:995

64.207.215.69:443

83.110.219.59:993

119.82.111.158:443

197.94.84.128:443

177.255.14.99:995

41.103.226.172:443

109.155.5.164:993

190.44.40.48:995

187.205.222.100:443

41.107.78.223:995

191.97.234.238:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Learn.lnk
- Size
  
  1KB
- MD5
  
  e2ee95060c231015da744a2b4420a4dd
- SHA1
  
  390c8b664bb0692b6dee8eaefe961af8fc7bb2ae
- SHA256
  
  b299e4ef6bb3a8bd7309a0d8aab7fb9454e7952925accfc97a41de9fcb4e8d6a
- SHA512
  
  7b39f61da83698895855c2cd1d3e12cdb25c4ce96733890c13b7dfc311d0bd76a242913851103ae2752cb7eaea84ef3e09a2df6ea00c04842c04c3417fa89e99
Score

3^/10
behavioral1 behavioral2
- Target
  
  swindles/bordeauxSurpass.cmd
- Size
  
  158B
- MD5
  
  afb51c5790a0d7ce47f3806fb7e29aa7
- SHA1
  
  d1f2c08f6e952b9b19129537942bb6a4680420c3
- SHA256
  
  dce100148b899c9e0e2ef691a2f247933e726f6c61325c46e496653c26588203
- SHA512
  
  35d98cb4714ef08d24bacb51e5f84068d9ddc750945a27a03b8eb655cb9620729abd27d89fae5813f92aa3ebf6f51c29a077ec0a9b87fb53fecfba88b243235b
Score

1^/10
behavioral3 behavioral4
- Target
  
  swindles/praiseworthiness.db
- Size
  
  376KB
- MD5
  
  37d2c73ff9e9e454259fa917faa9bff0
- SHA1
  
  25986edc3253ed075440deab8f997b1c627c397b
- SHA256
  
  c388c0ab3f7293e84e5fa178a8094ba056125f1a8d3fc9c775d24624e80d214e
- SHA512
  
  d4baaed156a07ba02ce51125f507fed5ef689c191de2f22331f4982524b7845dbc92f1ec6a878ecaa1df4c8dfd2628d3093c1445bfe75ec2d5ba0be8edc17fbb
- SSDEEP
  
  6144:7xyThh4e3t8f182quGCgT1tsjFUG6KeD2V4ARck3LLTa1oFQFHYh/yX0r4gAbqM2:7xaDf9jruGCgT1tOFUEc0/3yFHiyNbz
Score

10^/10

qakbot bb 1663658394 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  swindles/signatorySin.js
- Size
  
  189B
- MD5
  
  dd54e89411501fedf5580aad7afd9c31
- SHA1
  
  696c17f85a64bd4eb3f15153d4bcf87e70467b19
- SHA256
  
  bf8aff3cd4fee0902669a8151fb9187128aa2d8a2609879f86939ce06001e224
- SHA512
  
  f4a598a077632b12635e41c5601a44d8920907d2d972370225d6c011f484b1303e0cc88637579d5d5f9825056f585c77dd66242908d9f3372c5f06b68c4978ad
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8