qakbot | 548d26386eec5d6a45acbfc0f518767e977a7378630929f82e659957da525e26

General

Target

Insurance#8910.iso
Size

1.1MB
Sample

220922-q8q9fsbfd3
MD5

10d387700a0b7857f40070726226795f
SHA1

57a7d3299c3edf5a872d04abcd21cb1b3610cd4b
SHA256

548d26386eec5d6a45acbfc0f518767e977a7378630929f82e659957da525e26
SHA512

0e04e9b66225ee3caf82680992d5a2423ece15e9e04274fbbf69ea999a062b29b9b2c52c61aedf5e85376986d114a97487f843fb32a90126ba3965369d80a14a
SSDEEP

24576:70hmPu9hXDCXw1GnEjYNAeh4X668JA5w9Mqa:7046RDCA1GdKY

Score

10^/10

qakbot bb 1663698873 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

BB

Campaign

1663698873

C2

173.218.180.91:443

134.35.13.43:443

197.94.84.128:443

70.51.132.197:2222

181.118.183.123:443

189.19.189.222:32101

41.111.1.60:995

70.49.33.200:2222

99.232.140.205:2222

139.228.33.176:2222

193.3.19.37:443

41.99.57.155:443

177.255.14.99:995

31.54.39.153:2078

191.97.234.238:995

105.159.30.48:443

217.165.146.41:993

119.82.111.158:443

66.181.164.43:443

88.245.168.200:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Insurance.lnk
- Size
  
  1KB
- MD5
  
  f8deeb8a67821ac94d86b989f2fd8e28
- SHA1
  
  03a3db8602739cf0537e9f444a4110d7c7a8b78f
- SHA256
  
  e07e18e2119bb9b1081bd521219b274864300329d5885b6ddf0ac1b337bbec2c
- SHA512
  
  76b590f15973b24b062c1220c09e873e7c3511021f5f07fe9b0a660c8b068ddea7f347d6930138830d67a9d2bdbc51ca7de3b8aaa04614acb51a891de45016ce
Score

3^/10
behavioral1 behavioral2
- Target
  
  breezily/crosswalkAssemblage.js
- Size
  
  195B
- MD5
  
  dd58792c2a207161bbe0cc92579f1658
- SHA1
  
  95a369dfb705a7c6283e8abc6ccd7dd7a3680daf
- SHA256
  
  7f7de612cd2a9afe93e73863f8ec9c7eb4847c6b82939368d3f48e6c1912dd20
- SHA512
  
  f2b6003be5fdbc78577fc5164201458d3f6c98677da0d74f9f1cd3baf915db198369dcfd7a659c2936d4913fe22cf8c4e4ae80e058974f08c177fbfcb22fa948
Score

3^/10
behavioral3 behavioral4
- Target
  
  breezily/rebukinglyHolistic.cmd
- Size
  
  161B
- MD5
  
  c8bbd6d8bf77e953dcab43b87f60173c
- SHA1
  
  4906e6485a960b8d197fa5a86de53555f4bae30d
- SHA256
  
  b25379d82a3dcee7acbbf50649747f6568b92891b0fd8945a792d5796aa28a23
- SHA512
  
  f61a6db59d28268c6dffda28c30f5bd143f4287aaff8f2f88ce1c2420924733d28f50671ff1f1b1f4b0cb167501d8d16950a37f768e93c1e718a0e466885ab70
Score

1^/10
behavioral5 behavioral6
- Target
  
  breezily/topping.db
- Size
  
  849KB
- MD5
  
  e22a4ef15b7c6c9eb884e445cefa2ef9
- SHA1
  
  b9da48940ae7e41de7bc6c0909ab53465d05e3c7
- SHA256
  
  5e5c55c133d644de044f5bcb782b618fd188a1c6ca707298815ab23295fb43c1
- SHA512
  
  3cc653b343d7f972d823e42bda4150c0747f81617b4f795e2724dfa4f0f0f10756fc068feaeedeb69ef7b4bdcd931908c5cfb0f1e8a170925915a771ff1738f8
- SSDEEP
  
  12288:VByskGoWHwa0nZXKlhb/H9TT+iTojfQCA3kptT68JtQrB5UT+QD1lNMABa:SnEjYNAeh4X668JA5w9Mqa
Score

10^/10

qakbot bb 1663698873 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8