qakbot | d96d02243cad3bfd80eda30b240391d941969aa59c770507e16904ba10e6881e

General

Target

Contract#8879.iso
Size

1.1MB
Sample

220924-d9ewlabhal
MD5

c196d477026992295a275ea0a4e48035
SHA1

4d346fa25a05b812fed07487ff63208879415f8d
SHA256

d96d02243cad3bfd80eda30b240391d941969aa59c770507e16904ba10e6881e
SHA512

5823ec50ef403691c83ad4cebf75b3f782f9a3cc249d08d88ae4eb46040fcc1f4e92fb88143abf2d36d6b8fcfdc4dc7ec76d036346e4f93bffd03354126f7548
SSDEEP

12288:139yPbTo9KByskGoWHwa0nZXKlhb/H9TT+iTojfQCA3kptT68JtQzB5UT+QD1lNm:139yPbTornEjYNAeh4X668Jc5w9M+a

Score

10^/10

qakbot bb 1663774884 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

BB

Campaign

1663774884

C2

70.49.33.200:2222

181.118.183.123:443

99.232.140.205:2222

31.54.39.153:2078

173.218.180.91:443

193.3.19.37:443

134.35.8.88:443

41.97.152.42:443

70.51.132.197:2222

41.111.74.35:995

189.19.189.222:32101

105.156.139.150:443

217.165.68.59:993

119.82.111.158:443

111.125.157.230:443

125.25.129.70:443

197.94.84.128:443

177.255.14.99:995

187.205.222.100:443

190.44.40.48:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Contract.lnk
- Size
  
  1KB
- MD5
  
  5100d6d3a1687599725094b3e5c06274
- SHA1
  
  42cd1580631979d0d1cd173f2519b92aa3538877
- SHA256
  
  4b443b68dcf295de405fae9fda1b830e00fbf34f61cdcda49ba4b6b8a3750780
- SHA512
  
  7fadb66a4588eeed1556c98c77b376c225502e490f6856524ec375c33f072376685fe6e7bb21edd8c563fdc9c46031f313aef87ec2f9de46c00c55e132bc8146
Score

3^/10
behavioral1 behavioral2
- Target
  
  unbelt/bridgetownPopularly.js
- Size
  
  196B
- MD5
  
  13ede809c68d115ede6c98a6c3f0d96c
- SHA1
  
  f41d683a0b6a92bd931898baa5b575e376af7f72
- SHA256
  
  1ec0f52c2c65e58b4ec2e48b6215c3f9ca29227c33d8c6e41a1c0775172b8e2f
- SHA512
  
  c6254a295240c6f91444b353f2b1cecbd8ae638034cc24ff0bdb3f02e2aea943cb36abbcd337c7e659da932d2a80457fdbe16463a1a08add87a4448e9fbdf30e
Score

3^/10
behavioral3 behavioral4
- Target
  
  unbelt/hotheaded.db
- Size
  
  849KB
- MD5
  
  747a50a101b528a155c8095f1aef0230
- SHA1
  
  7a8c734481c95117009c57c8c81e077a2a5c5d96
- SHA256
  
  01fd6e0c8393a5f4112ea19a26bedffb31d6a01f4d3fe5721ca20f479766208f
- SHA512
  
  d5da3700be5c84bcb3bd3700f48d021c4fae0b0c64e8cc8fdf06d8094a4d3a497acf2fafcc05b0f6dbfa2e3e7be6d0b62c08f0328808837791ec586b7a690582
- SSDEEP
  
  12288:VByskGoWHwa0nZXKlhb/H9TT+iTojfQCA3kptT68JtQzB5UT+QD1lNMAFa:SnEjYNAeh4X668Jc5w9M+a
Score

10^/10

qakbot bb 1663774884 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  unbelt/unmelodiouslySheila.cmd
- Size
  
  151B
- MD5
  
  d232f723ef1671b07599a215b5a42d0c
- SHA1
  
  f6713e0ff291b5567bed5df1a79626d37a6334f2
- SHA256
  
  82bae6618faefb6f58d78af7f14ef6d8affeceedc8d8427d6048a03f650bfe1d
- SHA512
  
  4bcf93924917ca714ba40bd85dc67ea15fd5ba5ffa3dac89c22c7d9eaf779e54c407400819ad0f3bab9010f107d7acee19af38ad0290084fe16c63b1f041c71a
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8