qakbot | df83a0141850ba352899bd7eaaac601d2e28fe742c4585f41bcd7d6f6fbd89b2

General

Target

Contract#8783.iso
Size

1.1MB
Sample

220924-djpccaadg7
MD5

8cc12f1c5d185e9b9d62b45535c92e51
SHA1

2cbb34811309f1ee793abaebb4632ae4eab877f3
SHA256

df83a0141850ba352899bd7eaaac601d2e28fe742c4585f41bcd7d6f6fbd89b2
SHA512

94f7a5d843fb6a8e44bf258e03187dacd14aa1d2a8276b8e9e46dc6cb311fe1458820b9e3f89428b744f476b31e7967f6bf453ba1a179a943fb191a03436e5a6
SSDEEP

12288:E39yPbTocByskGoWHwa0nZXKlhb/H9TT+iTojfQCA3kptT68JtQzB5UT+QD1lNM9:E39yPbTojnEjYNAeh4X668Jc5w9M+a

Score

10^/10

qakbot bb 1663774884 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

BB

Campaign

1663774884

C2

70.49.33.200:2222

181.118.183.123:443

99.232.140.205:2222

31.54.39.153:2078

173.218.180.91:443

193.3.19.37:443

134.35.8.88:443

41.97.152.42:443

70.51.132.197:2222

41.111.74.35:995

189.19.189.222:32101

105.156.139.150:443

217.165.68.59:993

119.82.111.158:443

111.125.157.230:443

125.25.129.70:443

197.94.84.128:443

177.255.14.99:995

187.205.222.100:443

190.44.40.48:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Contract.lnk
- Size
  
  1KB
- MD5
  
  8c6f5e59e0893edda9d21964d9f6612e
- SHA1
  
  f1bd5299ba068f6fe4d637176d13e49ad6df13a7
- SHA256
  
  6a0ba0135e16f41fc87dfd7ce52b74d12c77cf9768b6cc4ce2ac1c065d80c06a
- SHA512
  
  e87e4740e9e43eca047c6b5d7d8c42dccf4bd0a18452f33cb2c7080806bdf6054cbf4dcf1f6200e171545e0ccfaba636f78b0459909135ebd69e0bf1519941f1
Score

3^/10
behavioral1 behavioral2
- Target
  
  unbelt/cherishingYawn.js
- Size
  
  181B
- MD5
  
  c056db077d12e65e36c8b99630e9db4d
- SHA1
  
  e06e2be65dffe35102ae6e66b98ea67217e7d788
- SHA256
  
  976654e210eeb04c4554ccb66ad604c10f92d369b7155cbd8f4b1b0ec3d2278f
- SHA512
  
  2972c8b15c313f8c431d65e16d501266d83e094c9b78e4cac5a6e69e11cc79bc11a7cffe2eed540e6ef7d4175a6787693c653af4faf09be1dfc9977396647b1c
Score

3^/10
behavioral3 behavioral4
- Target
  
  unbelt/cymbal.db
- Size
  
  849KB
- MD5
  
  747a50a101b528a155c8095f1aef0230
- SHA1
  
  7a8c734481c95117009c57c8c81e077a2a5c5d96
- SHA256
  
  01fd6e0c8393a5f4112ea19a26bedffb31d6a01f4d3fe5721ca20f479766208f
- SHA512
  
  d5da3700be5c84bcb3bd3700f48d021c4fae0b0c64e8cc8fdf06d8094a4d3a497acf2fafcc05b0f6dbfa2e3e7be6d0b62c08f0328808837791ec586b7a690582
- SSDEEP
  
  12288:VByskGoWHwa0nZXKlhb/H9TT+iTojfQCA3kptT68JtQzB5UT+QD1lNMAFa:SnEjYNAeh4X668Jc5w9M+a
Score

10^/10

qakbot bb 1663774884 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  unbelt/skitsAdmiration.cmd
- Size
  
  149B
- MD5
  
  6afddbc94dd2d6f1d5af45b394288e17
- SHA1
  
  7d9f64759c5c2091dbed23e1b61184666f6e32b7
- SHA256
  
  c9f9f87abd2d5e917e1de10a2ff4c341ad80f26ae4a740787884fb8842eee5ef
- SHA512
  
  dcd7482c114bdfce271749c0163f46baa17e224b15ef50dddd9ffc8123a0359c757885f04ea32e4b62adea5504eea95bdba5ed385e0b623491b9072e6f5a59c5
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8