qakbot | 6f2ad3cbf94e38717fb4becdfe7bdeded42ef777879a55b596ae53d9442975be

General

Target

Contract#4299.iso
Size

1.1MB
Sample

220926-n6erjaafh3
MD5

0b6923383126a55a7d6f66dbc19c13e2
SHA1

16cf9eb8170858b14c81023c1c4409153a3041d5
SHA256

6f2ad3cbf94e38717fb4becdfe7bdeded42ef777879a55b596ae53d9442975be
SHA512

35e31867a5958fd153c12d8a48c4b6e73e8da769b73911c16e6750f03be9127d13ad8ec40410b5b12cd8a69782ae9dae87839f7bbef71c89ef77c3e3c74495ef
SSDEEP

12288:d39yPbTonKByskGoWHwa0nZXKlhb/H9TT+iTojfQCA3kptT68JtQzB5UT+QD1lNm:d39yPbToxnEjYNAeh4X668Jc5w9M+a

Score

10^/10

qakbot bb 1663774884 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

BB

Campaign

1663774884

C2

70.49.33.200:2222

181.118.183.123:443

99.232.140.205:2222

31.54.39.153:2078

173.218.180.91:443

193.3.19.37:443

134.35.8.88:443

41.97.152.42:443

70.51.132.197:2222

41.111.74.35:995

189.19.189.222:32101

105.156.139.150:443

217.165.68.59:993

119.82.111.158:443

111.125.157.230:443

125.25.129.70:443

197.94.84.128:443

177.255.14.99:995

187.205.222.100:443

190.44.40.48:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Contract.lnk
- Size
  
  1KB
- MD5
  
  f3e825cec397bb04069f39ae8819d8c3
- SHA1
  
  6ddb23f253d793ddd8941576788233115b6b47df
- SHA256
  
  aa71ba24c476c5d51ddd54df09f3309ee767b1892b93ca4f035b43b8ef7dba7d
- SHA512
  
  9fb73edc4c609366cb1bbfe0a1fc3455d882275e3c78d7801f11ec9efdc4fc4f8b1854915dec3ce163b1a8d0d9ae3ce006e004001ca7d0ecb2d9bd7b9ebf9fa5
Score

3^/10
behavioral1 behavioral2
- Target
  
  unbelt/fifty.db
- Size
  
  849KB
- MD5
  
  747a50a101b528a155c8095f1aef0230
- SHA1
  
  7a8c734481c95117009c57c8c81e077a2a5c5d96
- SHA256
  
  01fd6e0c8393a5f4112ea19a26bedffb31d6a01f4d3fe5721ca20f479766208f
- SHA512
  
  d5da3700be5c84bcb3bd3700f48d021c4fae0b0c64e8cc8fdf06d8094a4d3a497acf2fafcc05b0f6dbfa2e3e7be6d0b62c08f0328808837791ec586b7a690582
- SSDEEP
  
  12288:VByskGoWHwa0nZXKlhb/H9TT+iTojfQCA3kptT68JtQzB5UT+QD1lNMAFa:SnEjYNAeh4X668Jc5w9M+a
Score

10^/10

qakbot bb 1663774884 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  unbelt/pressurizingFollowing.js
- Size
  
  178B
- MD5
  
  0788ccab7dbd4bc1255203bcb92b5294
- SHA1
  
  47f0435e24c52ac8977be616970fe5b34491e7cf
- SHA256
  
  94259efd6a495de885df659739dc28267997983db1bb851b01178f0b2db4e254
- SHA512
  
  31bb50b028d72c47dae0dc9e91c1a05eb72d20e0b3346901c352555298b3df6180d2484c34b80294121055d633733d4e58bae774b1d32463cb54eb99cab1365a
Score

3^/10
behavioral5 behavioral6
- Target
  
  unbelt/ticklingClinically.cmd
- Size
  
  159B
- MD5
  
  5f63ecfa2af794cf8260c8768b1af01d
- SHA1
  
  0e404fdc2a2e8d9704466d0df90e557b2872c1c3
- SHA256
  
  edd410a471305ee263effa17653c161253e2984bbf7df6cd4f1dd18316ce50b3
- SHA512
  
  c25ebf2797bbe31041efd43e434a1a19b42c92055015f2d99285e9741c771db3b4c271351ae06f682264afe991daddbb10ab9198c58351cb2e68181f02d7f2d2
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8