qakbot | 4c54e84264fb7eec40745bfcfa6f61260377f231f5cbb508282f7f40b6617ade

General

Target

Art#2159.iso
Size

1.2MB
Sample

220926-raphmscben
MD5

d83b9e55fc9af333e61da437316b5cb6
SHA1

f17771d0a9cff212f5c31b73482557eee67095c9
SHA256

4c54e84264fb7eec40745bfcfa6f61260377f231f5cbb508282f7f40b6617ade
SHA512

eb591eefa00750f25aba1d5e2869d4602bdfb72fa32946ab1a53a431620d1c1b6f659471fe726a290fb3d30a4e32c66d6b549b79b97cc5488fa297654931506c
SSDEEP

24576:0vcd7VeK7bHY/DS6wku4EmQKyMeRP7IYqsS/HdcoO9u+5w9M4a:ccd7ZjMpn6oO

Score

10^/10

qakbot bb 1664184863 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

BB

Campaign

1664184863

C2

197.204.227.155:443

123.23.64.230:443

173.218.180.91:443

111.125.157.230:443

70.49.33.200:2222

149.28.38.16:995

86.132.13.105:2078

149.28.38.16:443

45.77.159.252:995

45.77.159.252:443

149.28.63.197:995

144.202.15.58:443

45.63.10.144:443

45.63.10.144:995

149.28.63.197:443

144.202.15.58:995

39.121.226.109:443

177.255.14.99:995

134.35.10.30:443

99.232.140.205:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Art.lnk
- Size
  
  1KB
- MD5
  
  c66d6133b4d79cbde580a9ae9f70d3fd
- SHA1
  
  6f537f78bab29d465005f831afb4a5e5fb5021c7
- SHA256
  
  4bfe33476c04846c1ab787d2818228e97740c0378b219eac626f2ffc8e919a4c
- SHA512
  
  8f8e08d24213dcbeb0270d7bfdcfbd3156bdb92a164021315313450a26b0d181c74f9fdec5ae31e6727aef5f7ed84d940e2bd8df0a196f8f8e8aee24402618d5
Score

3^/10
behavioral1 behavioral2
- Target
  
  banners/dialoguesDetonations.js
- Size
  
  220B
- MD5
  
  823d19455e57e2dd71dc7332a7cce147
- SHA1
  
  2a5082b704c0a7f2ad5a87f48dc07dc670e5776d
- SHA256
  
  ed0a03d184b6d50be3729367062b196f25e05a2d2f316f75c5d8d9ea7f2c52ad
- SHA512
  
  320e03a63a6227eb516883c5344f6f2b7e9d8c2a7e57bb348203a1ede0865340b21cc987e1a0ea7ccb55d247b2efcd9f04dbe066c8c0819cfc46b4a7ef82ffc1
Score

3^/10
behavioral3 behavioral4
- Target
  
  banners/recipiencyBlasphemous.cmd
- Size
  
  44B
- MD5
  
  685f05a28c6ddc4dd15c2503e31051c1
- SHA1
  
  3f65ace585a61af65ba2dac500ca28925b6c195a
- SHA256
  
  5539008a74556a344e6f144dab41b422e01f04ff52f62b0e13de440c01777052
- SHA512
  
  b51b425329e2168757d7feb6bf8bb71a131522e3120d1c6aa0e5af96f3289c5787e41fec07e92cca1b0b13ac4cca8cacc5b0d9aaa2e46abf76bde683cf9ddcc7
Score

1^/10
behavioral5 behavioral6
- Target
  
  banners/treeless.db
- Size
  
  1.1MB
- MD5
  
  e17ff4c8e0da566b6fbe6ce54101eee7
- SHA1
  
  ed92354f1a9500c9dc07dfe77e23d3193e905559
- SHA256
  
  0b353412e79686c5185dfdf185747e856f379c863ff41d82ce0ef4b69b31b747
- SHA512
  
  70b9b4f07b35cf617da318e79999d3593355c126d10ab01a30827cd0daaa0d0fe54bbc9ed8fce80372803573ad2f30ea30e177dbf9ca0eddcf4cafb87e081f30
- SSDEEP
  
  24576:wVeK7bHY/DS6wku4EmQKyMeRP7IYqsS/HdcoO9u+5w9M4a:wZjMpn6oO
Score

10^/10

qakbot bb 1664184863 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8