qakbot | 8e9265fba8f03efd532c2a686f5adfbc203488570577210a16d87767125023d4

General

Target

Contract#5302.iso
Size

1.1MB
Sample

220922-vqx2hafgej
MD5

00f770cbcf347de2a4ccc2a8ad13375a
SHA1

ac5677fa3dd7f180c0b3cd98f9f89fafaf8f9068
SHA256

8e9265fba8f03efd532c2a686f5adfbc203488570577210a16d87767125023d4
SHA512

7828a62e256003ebf038d691e848c0978ca51621b9d056df60185060c1e0974f1af058a6cd1d4518e7f46da64ca4c431782224a3dbb8a47d8806c08632ef6d62
SSDEEP

12288:+39yPbTonKByskGoWHwa0nZXKlhb/H9TT+iTojfQCA3kptT68JtQzB5UT+QD1lNm:+39yPbToxnEjYNAeh4X668Jc5w9M+a

Score

10^/10

qakbot bb 1663774884 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

BB

Campaign

1663774884

C2

70.49.33.200:2222

181.118.183.123:443

99.232.140.205:2222

31.54.39.153:2078

173.218.180.91:443

193.3.19.37:443

134.35.8.88:443

41.97.152.42:443

70.51.132.197:2222

41.111.74.35:995

189.19.189.222:32101

105.156.139.150:443

217.165.68.59:993

119.82.111.158:443

111.125.157.230:443

125.25.129.70:443

197.94.84.128:443

177.255.14.99:995

187.205.222.100:443

190.44.40.48:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Contract.lnk
- Size
  
  1KB
- MD5
  
  36467c48ef73692dd99d03e5b74741b6
- SHA1
  
  3985926ae4c66bf5dbdeb77aace3618e962cb4b5
- SHA256
  
  84bf02b093fe421f5476612c35264d3fc4b46bb5867ae01daafcc6174090f1d3
- SHA512
  
  c22ace659a6942e3bac6566aa3701ed8ec2d36f62c2f6bab86ad32b9616f3f35a3b4fa231e12b12e0faca6f9d88d9ba1e46e763982c6b335e89d763a578d5d18
Score

3^/10
behavioral1 behavioral2
- Target
  
  unbelt/guinea.db
- Size
  
  849KB
- MD5
  
  747a50a101b528a155c8095f1aef0230
- SHA1
  
  7a8c734481c95117009c57c8c81e077a2a5c5d96
- SHA256
  
  01fd6e0c8393a5f4112ea19a26bedffb31d6a01f4d3fe5721ca20f479766208f
- SHA512
  
  d5da3700be5c84bcb3bd3700f48d021c4fae0b0c64e8cc8fdf06d8094a4d3a497acf2fafcc05b0f6dbfa2e3e7be6d0b62c08f0328808837791ec586b7a690582
- SSDEEP
  
  12288:VByskGoWHwa0nZXKlhb/H9TT+iTojfQCA3kptT68JtQzB5UT+QD1lNMAFa:SnEjYNAeh4X668Jc5w9M+a
Score

10^/10

qakbot bb 1663774884 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  unbelt/investsFettering.js
- Size
  
  189B
- MD5
  
  f3d0e6e48be31541ce454f002d0aa509
- SHA1
  
  c353ced7744564e6bdc7c789cc478ca9feba9a57
- SHA256
  
  7121790eb1c491e42771866d3c070865f8d72bada33d460992d2ce09b848c134
- SHA512
  
  952cf2df7801cae61dcb72fb75328a4e7287445d1aae1459417f3313094ef147b7c2ecb32d35ef57e401edd91545c57cfcacfc96fd810e78b4da57fd70422d76
Score

3^/10
behavioral5 behavioral6
- Target
  
  unbelt/staredDictatorial.cmd
- Size
  
  155B
- MD5
  
  d44a87b8cc1d34bba5a12c32fe331cdd
- SHA1
  
  f90dfd65c14480b456b6212a507cede8ed379f36
- SHA256
  
  3bab36658ee5bb5f60ba02ef3ac7bbbcdd5af2228f4f6927631a2f36f77330d1
- SHA512
  
  ae55059182a3598791c30a0435556b34bfe7df0dba5b19fba3b4ae06f13b55b0fe357fd8fd0bde3cf820bc4bda06d5f6e4591bc9218e7d60bee831446a355dad
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8