qakbot | debb91f0b70701b68b76033797daef07def046e214fc72e73327002d7e2ef862

General

Target

3ruR8LcHAbaLdgM3l9rvB97wRuIU-HLnMycALX4u_GI.bin
Size

592KB
Sample

220926-s36hascddn
MD5

ba84d8be25ee86f4818ab31fb3fda41d
SHA1

eb83c17e981015e75960149be9ea29a3b75f5925
SHA256

debb91f0b70701b68b76033797daef07def046e214fc72e73327002d7e2ef862
SHA512

548c3bf946a16d8e899e45ac6b3cb3cf341dfaffcbbaf53a49e6d99ea97c8a6db45e7a58923f00b33b7ad5cc532132fce598d6c86f9a02ca86ab02112de44caf
SSDEEP

12288:o/KB1Vzi4P6wORUHTRyQ5aQPcuLDDcfkRmnnDRUjDlJMaYpR1m3:QKPdwrRUzdouLDYkcDQTMv03

Score

10^/10

qakbot bb 1664184863 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

BB

Campaign

1664184863

C2

197.204.227.155:443

123.23.64.230:443

173.218.180.91:443

111.125.157.230:443

70.49.33.200:2222

149.28.38.16:995

86.132.13.105:2078

149.28.38.16:443

45.77.159.252:995

45.77.159.252:443

149.28.63.197:995

144.202.15.58:443

45.63.10.144:443

45.63.10.144:995

149.28.63.197:443

144.202.15.58:995

39.121.226.109:443

177.255.14.99:995

134.35.10.30:443

99.232.140.205:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Art.lnk
- Size
  
  1KB
- MD5
  
  201abc990000cc0e05e3358d29d81a9b
- SHA1
  
  6008293bf2c8d849e73230d572d8c31554083c3e
- SHA256
  
  b3202c863d8170fb146773ee8bfeb7d57c1be6d749669eb05d291be1d284ccc1
- SHA512
  
  e8fd86e9c551e8b6b1fa75e8f1fdc3ce372af47eddecb5fa628741ce59c9e227e91d1fedb4ed863de9464c3724667ee541b7ba4421a2e6f533a0233f82bdf4a1
Score

3^/10
behavioral1 behavioral2
- Target
  
  banners/codifyingEndowments.js
- Size
  
  216B
- MD5
  
  b023084e1e3f85d1f6a7c93b560e7151
- SHA1
  
  d3ebd0a4528a781020d6985767a8ada1c585e95d
- SHA256
  
  ede0b6e6d181992767791bc1a9fc029953acfdcc4012c86b3273bf5f47f5e77c
- SHA512
  
  95cc7a77bdb5a515b75966915df0c6a5f874f622d4e52d89fad5502ea8de1d4f5f7a6a08b093978f39608d937a31def60415560e5c0cf36f7c41c5b465db66c1
Score

3^/10
behavioral3 behavioral4
- Target
  
  banners/muddled.db
- Size
  
  1.1MB
- MD5
  
  e17ff4c8e0da566b6fbe6ce54101eee7
- SHA1
  
  ed92354f1a9500c9dc07dfe77e23d3193e905559
- SHA256
  
  0b353412e79686c5185dfdf185747e856f379c863ff41d82ce0ef4b69b31b747
- SHA512
  
  70b9b4f07b35cf617da318e79999d3593355c126d10ab01a30827cd0daaa0d0fe54bbc9ed8fce80372803573ad2f30ea30e177dbf9ca0eddcf4cafb87e081f30
- SSDEEP
  
  24576:wVeK7bHY/DS6wku4EmQKyMeRP7IYqsS/HdcoO9u+5w9M4a:wZjMpn6oO
Score

10^/10

qakbot bb 1664184863 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  banners/sapientLashings.cmd
- Size
  
  43B
- MD5
  
  d18eb8290e94d3f1c33dee4dcc00bdf6
- SHA1
  
  fce96c3119000ed4a8e3a5f52ec26744f6f68b1a
- SHA256
  
  7bfe6313d939aeaef74658ba3d2cfe023441afc4366c688c17231899ddfec8fd
- SHA512
  
  f28767fa4eb3fed919e6e1879f82f0d3c535c642bfff0af40c933e72bd354a25d8b3e347fb83d68dfa7e7bb078fcb97bea0b24835b619901ab8ce12c0fc237a2
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8