qakbot | 6101db66b6f6ff3e2dde06dbb36ff46225bb7e8ec090e5cfc89bd9bdd7b83c57

General

Target

Desktop.zip
Size

454KB
Sample

220922-tkl7daffcr
MD5

73b98bb90b1690fe47be8066a8a8dc5f
SHA1

839905aface04a27007b9edba8ee21577cfc5d54
SHA256

6101db66b6f6ff3e2dde06dbb36ff46225bb7e8ec090e5cfc89bd9bdd7b83c57
SHA512

4e9ab7e8eb57973a7c5a13308a572a7919b3ba6b4760cda40e637b5261a326f85f67aacf738c5862853035e8c9adbac11c569ce1d7235c1ed63314e4198e0ff4
SSDEEP

12288:fnWqj5dvHenWKkP8b+rq++D2ashC0WDqkLMarFEk:ftd3KkA+HhpqBoarFEk

Score

10^/10

qakbot bb 1663774884 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

BB

Campaign

1663774884

C2

70.49.33.200:2222

181.118.183.123:443

99.232.140.205:2222

31.54.39.153:2078

173.218.180.91:443

193.3.19.37:443

134.35.8.88:443

41.97.152.42:443

70.51.132.197:2222

41.111.74.35:995

189.19.189.222:32101

105.156.139.150:443

217.165.68.59:993

119.82.111.158:443

111.125.157.230:443

125.25.129.70:443

197.94.84.128:443

177.255.14.99:995

187.205.222.100:443

190.44.40.48:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Contract.lnk
- Size
  
  1KB
- MD5
  
  92829042b2e3348c471b2cfdeecc5562
- SHA1
  
  e85e4b4c6b9e73ae225fd9c7b5795e8aaec26268
- SHA256
  
  daa930f32edbf434d97f406af0331821fd5dacc43cf1c4454773214ed2b17f40
- SHA512
  
  cde5916de25db4bbbddafa5d732a70dcc16d6e3e78f67071e62b9b7698f055ce43681de9e067130ad0fb9c40a3e87cf7994e402b495245cf9175e2f49cddd8cb
Score

3^/10
behavioral1 behavioral2
- Target
  
  unbelt/jamaican.db
- Size
  
  849KB
- MD5
  
  747a50a101b528a155c8095f1aef0230
- SHA1
  
  7a8c734481c95117009c57c8c81e077a2a5c5d96
- SHA256
  
  01fd6e0c8393a5f4112ea19a26bedffb31d6a01f4d3fe5721ca20f479766208f
- SHA512
  
  d5da3700be5c84bcb3bd3700f48d021c4fae0b0c64e8cc8fdf06d8094a4d3a497acf2fafcc05b0f6dbfa2e3e7be6d0b62c08f0328808837791ec586b7a690582
- SSDEEP
  
  12288:VByskGoWHwa0nZXKlhb/H9TT+iTojfQCA3kptT68JtQzB5UT+QD1lNMAFa:SnEjYNAeh4X668Jc5w9M+a
Score

10^/10

qakbot bb 1663774884 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  unbelt/spatSinglehandedly.cmd
- Size
  
  164B
- MD5
  
  9976126da7ffa814061c67569ffa745b
- SHA1
  
  efbc55f35679df567926a5d3e65d0447042bec2b
- SHA256
  
  82a3b0f00d12830edcbcfb925bf6a06dd61b007be76e764f4856f30c4c09ff9a
- SHA512
  
  3a2c108415f0a9a2ce68cba6d2164b159327c179f7f4dcc677dae90d57987f30b92827dc5e33984bca11bea74ba8b3902af4a225c1f8975d933ecc8eceeef065
Score

1^/10
behavioral5 behavioral6
- Target
  
  unbelt/weathercockUnfolded.js
- Size
  
  185B
- MD5
  
  8ad66716fd5d12bb89367c9b5feed3c4
- SHA1
  
  b616899caf4904672062b205ab8b03c7cdb677f4
- SHA256
  
  4ec9addcb9ce1b3fe3b761b658571f6c13d7305aea67ba19b71c2afcd9b65285
- SHA512
  
  051b3db2410d5e3e83ca7f0f17a789169e4cc65fd8818bda52a5f098fd1edf863e2fcc4438f74b9b17a5e7d84d1e8c5d124c18016cd55435ba40936ba89debc7
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8