qakbot | 4367ef10c26ce4b66be5a31f39529d7eb0a167da0321be894e43d4ed577385cf

General

Target

Insurance#1880.iso
Size

1.1MB
Sample

220922-rlpmsafdgl
MD5

a57ffd6724b8b316f9d14d9940650274
SHA1

7bfea40e9a4a99c925d814fc6323947249f62ab3
SHA256

4367ef10c26ce4b66be5a31f39529d7eb0a167da0321be894e43d4ed577385cf
SHA512

c30f9309863a0d223f8db28b74daf6d5c209d684daf67d6c1ac5d52172b4b5bbe18f0bc729ae16b9c7e5ba3b5efb8398b7455e85835f0f34a1baabda36f8b76d
SSDEEP

24576:J0hmPu9hXDCXw1gnEjYNAeh4X668JA5w9Mqa:J046RDCA1gdKY

Score

10^/10

qakbot bb 1663698873 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

BB

Campaign

1663698873

C2

173.218.180.91:443

134.35.13.43:443

197.94.84.128:443

70.51.132.197:2222

181.118.183.123:443

189.19.189.222:32101

41.111.1.60:995

70.49.33.200:2222

99.232.140.205:2222

139.228.33.176:2222

193.3.19.37:443

41.99.57.155:443

177.255.14.99:995

31.54.39.153:2078

191.97.234.238:995

105.159.30.48:443

217.165.146.41:993

119.82.111.158:443

66.181.164.43:443

88.245.168.200:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Insurance.lnk
- Size
  
  1KB
- MD5
  
  764c1c3f104e10245efdbfcfb43fd50a
- SHA1
  
  2d53ddee44fc403573106f74ab151f57c015f616
- SHA256
  
  035e1577eeeef4d4e1678c55d30622ca92bd31ec5f5df4199408d0e06ffc287c
- SHA512
  
  27fc64b616d20caee9f01620ea45da0201ffe89b855fa81d8d49ae96a1199191d47f164f7f16387a49328d95c5c5b99dd268439b27fe77edf8ef8136a9c878f0
Score

3^/10
behavioral1 behavioral2
- Target
  
  breezily/reaganAsquith.cmd
- Size
  
  159B
- MD5
  
  0f4075cd1217c87056d9852270cec455
- SHA1
  
  0523246ae104d37eb8c1ae6bae95c89b5b06919b
- SHA256
  
  2cc507bd552eb571d9d6cf7e695a2a76ca822cfa989273831bd6053b3c5cccf6
- SHA512
  
  21348dca61d450146761cb1e83000d22bb8d3e977a619fed78dabe5071cec2732bd8fa16b11e2a17e3950e4c80c776e6744cdeb2fc7721edf91d95a35b159341
Score

1^/10
behavioral3 behavioral4
- Target
  
  breezily/streakingTarrying.js
- Size
  
  192B
- MD5
  
  db4f3e89853e4bf12c70c8616c953bca
- SHA1
  
  43fb99b150ec45a9bc4dfcc833acbe9067427b97
- SHA256
  
  c898f27577db87e72b0800ddab3f6040ea339ca6b7324b6916c7bbbd9ac9b4ca
- SHA512
  
  fe92fa00328f2e57d535c552438565e0d87f042f082e924dc141caacffb0086de3524c1aa911e1b3ada0959a2de9c42d55e968bf9ce49f689076ffadddbc6210
Score

3^/10
behavioral5 behavioral6
- Target
  
  breezily/torpors.db
- Size
  
  849KB
- MD5
  
  e22a4ef15b7c6c9eb884e445cefa2ef9
- SHA1
  
  b9da48940ae7e41de7bc6c0909ab53465d05e3c7
- SHA256
  
  5e5c55c133d644de044f5bcb782b618fd188a1c6ca707298815ab23295fb43c1
- SHA512
  
  3cc653b343d7f972d823e42bda4150c0747f81617b4f795e2724dfa4f0f0f10756fc068feaeedeb69ef7b4bdcd931908c5cfb0f1e8a170925915a771ff1738f8
- SSDEEP
  
  12288:VByskGoWHwa0nZXKlhb/H9TT+iTojfQCA3kptT68JtQrB5UT+QD1lNMABa:SnEjYNAeh4X668JA5w9Mqa
Score

10^/10

qakbot bb 1663698873 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8