qakbot | 63ade90920f3c771336089bd7fe255a76d81781c761347e8016d81eadd5ae687

General

Target

Art#4224.iso
Size

1.2MB
Sample

220926-stlrjabbg5
MD5

6d0d7e50918d6e7a30340223ed87292b
SHA1

07f07d651bc22033ce453e7375d0dc4e78287861
SHA256

63ade90920f3c771336089bd7fe255a76d81781c761347e8016d81eadd5ae687
SHA512

24e5331a68678a36d29f3ab1b801463b1e0502a5aea3faa5f661f2cb5e870d8dd6b067e1c06035eb91060cab15b62c2582473b9ba5a5cf870a489d6db3af0a2c
SSDEEP

24576:zVeK7bHY/DS6wku4EmQKyMeRP7IYqsS/HdcoO9u+5w9M4aQvcd:zZjMpn6oOScd

Score

10^/10

qakbot bb 1664184863 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

BB

Campaign

1664184863

C2

197.204.227.155:443

123.23.64.230:443

173.218.180.91:443

111.125.157.230:443

70.49.33.200:2222

149.28.38.16:995

86.132.13.105:2078

149.28.38.16:443

45.77.159.252:995

45.77.159.252:443

149.28.63.197:995

144.202.15.58:443

45.63.10.144:443

45.63.10.144:995

149.28.63.197:443

144.202.15.58:995

39.121.226.109:443

177.255.14.99:995

134.35.10.30:443

99.232.140.205:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Art.lnk
- Size
  
  1KB
- MD5
  
  92bd99709950ff46ff4838d7a1f3edbf
- SHA1
  
  3735c7d86d119968a44694e2485a288735c382d5
- SHA256
  
  3afee94ae082c743bfb1ec42dcd03433d22f649b7e43b6a79e2a878b78b04b77
- SHA512
  
  d3fd15760e1c234f227d0cefe62eee4bf96be7e2ca5e16cae583cdb641ac080b179cddb3dd6bc79154d037dfe66758600fbe050e2fb59076d139759b16ba1f9e
Score

3^/10
behavioral1 behavioral2
- Target
  
  banners/aquaDisassociations.js
- Size
  
  225B
- MD5
  
  603256a9748d57cb0bc3ffb27c301970
- SHA1
  
  b6ba91e8f52a07ba984411ddda120359f3196ac7
- SHA256
  
  3c942da5ac014f728a65ddbbcb27539fb1d7e4cb4ef4523ff47d2627228048a1
- SHA512
  
  884e75e2fd0ef3944ff291d2785d786b1ca91d7cf945f0e4d8cc6a51a94b8d5cd82ad8294d02db003a6784021b6d0f0b03549dcebbe756fade9f6d43be10e064
Score

3^/10
behavioral3 behavioral4
- Target
  
  banners/castilian.db
- Size
  
  1.1MB
- MD5
  
  e17ff4c8e0da566b6fbe6ce54101eee7
- SHA1
  
  ed92354f1a9500c9dc07dfe77e23d3193e905559
- SHA256
  
  0b353412e79686c5185dfdf185747e856f379c863ff41d82ce0ef4b69b31b747
- SHA512
  
  70b9b4f07b35cf617da318e79999d3593355c126d10ab01a30827cd0daaa0d0fe54bbc9ed8fce80372803573ad2f30ea30e177dbf9ca0eddcf4cafb87e081f30
- SSDEEP
  
  24576:wVeK7bHY/DS6wku4EmQKyMeRP7IYqsS/HdcoO9u+5w9M4a:wZjMpn6oO
Score

10^/10

qakbot bb 1664184863 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  banners/persuasivelyPertains.cmd
- Size
  
  45B
- MD5
  
  dc41c0c31bef89cf16867fe8a7e925a7
- SHA1
  
  7fc36da0e6ecf064df2d34653b63f9b253e6d38c
- SHA256
  
  41e43038fcd50d37506a8880203ced62ce47b5b0d8ec3ee2efebe53cca770bfb
- SHA512
  
  1c6a42f25264e7c0cfcb8e2814b357e9bce6d1f2450ad52a22c4b24d25debd9ac3dc99de7690c0c30e3cadaf485c985e48f905b24f2e85ccc34a442c4c4e70e7
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8