qakbot | 59d428f2bbe2c469a62cbb83b067faed395052f832ae24c224a92a5637feae2b

General

Target

ArtItem3069356283.zip
Size

592KB
Sample

220926-r8clqsccfl
MD5

d903a2b8081e90ad1e0e2f22381af631
SHA1

f748db7be9c9f0cd10388eda7ed822b16f509cbc
SHA256

59d428f2bbe2c469a62cbb83b067faed395052f832ae24c224a92a5637feae2b
SHA512

780dc3d94325808f66bafaee21e0c65b598a55c3a65d04b96be703c9cfbd09beccdb6a8f203a8b02fe4e7c4ff8aa084010bd8175f281e5e422e750f41d169f94
SSDEEP

12288:si0R6YOH/Ht1A1BxxzYfvZehPCRzDZOsfhxe64ZBEEvxdf7xN/uO5:gRRM/HTArxxzYfvZeh4zxz4ZBE+nf7L7

Score

10^/10

qakbot bb 1664184863 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

BB

Campaign

1664184863

C2

197.204.227.155:443

123.23.64.230:443

173.218.180.91:443

111.125.157.230:443

70.49.33.200:2222

149.28.38.16:995

86.132.13.105:2078

149.28.38.16:443

45.77.159.252:995

45.77.159.252:443

149.28.63.197:995

144.202.15.58:443

45.63.10.144:443

45.63.10.144:995

149.28.63.197:443

144.202.15.58:995

39.121.226.109:443

177.255.14.99:995

134.35.10.30:443

99.232.140.205:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Art.lnk
- Size
  
  1KB
- MD5
  
  fefc17d6aa9f7d780b46e5522ef82cd4
- SHA1
  
  b3bc4ffac5f281fe3514f2b9b906da3cf516257b
- SHA256
  
  c90c6e3c573657f6f8f9c2e38eaaa551a910722dd310c698ecb05959c9c931ac
- SHA512
  
  5516cb89a9ae7e243dc601747e93cb2c329cb2303f0303845b2036b2aae11a864d79a3f3199e88ecf5f067f75e6032388cbef2da2e04bd57afe0f3d32553cda6
Score

3^/10
behavioral1 behavioral2
- Target
  
  banners/deactivatesUnimpacted.js
- Size
  
  221B
- MD5
  
  5623424ab56c7e07254be7e9293899d5
- SHA1
  
  299344b845263468b0aca235f9471ab1db404b00
- SHA256
  
  5f0d5253dee3732ecc3948f906d3761cec53bc46ff9dda62fe7c6bd7b8ef95f2
- SHA512
  
  a413d46e29988ab2caf61d0ee39c8cdce7c6d093f04f91f6e148c2c6eca0d8132f918bfc7f06b6fac2317c99dc3d8c46e22a0a1e75986991200ab00f7cd6214a
Score

3^/10
behavioral3 behavioral4
- Target
  
  banners/incidentallyOnwards.cmd
- Size
  
  47B
- MD5
  
  d7f61797103b7d581fd410c5a5b5b355
- SHA1
  
  06365cb6170dd431426cbef61d0b2e5dab6b8c75
- SHA256
  
  67cd2b2f1def1266869a529cbc4018c6404702b531393c98c52072ea7eec3cd0
- SHA512
  
  c73e7099921ece84dae2bd6baf793f9de3009a00f2c8fac60888a2528521e7c30c0f09340d6eed0278cfb6bdd469a572bb04b4c0f1ff53d1dc00b8bb27ef8b29
Score

1^/10
behavioral5 behavioral6
- Target
  
  banners/machination.db
- Size
  
  1.1MB
- MD5
  
  e17ff4c8e0da566b6fbe6ce54101eee7
- SHA1
  
  ed92354f1a9500c9dc07dfe77e23d3193e905559
- SHA256
  
  0b353412e79686c5185dfdf185747e856f379c863ff41d82ce0ef4b69b31b747
- SHA512
  
  70b9b4f07b35cf617da318e79999d3593355c126d10ab01a30827cd0daaa0d0fe54bbc9ed8fce80372803573ad2f30ea30e177dbf9ca0eddcf4cafb87e081f30
- SSDEEP
  
  24576:wVeK7bHY/DS6wku4EmQKyMeRP7IYqsS/HdcoO9u+5w9M4a:wZjMpn6oO
Score

10^/10

qakbot bb 1664184863 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8