qakbot | a22784bec3f10cfc307953f7b636d6d8d739d6ba5a400b4db9a31fab89afd3bc

General

Target

Art#6050.iso
Size

1.2MB
Sample

220926-tfrlasbcc9
MD5

5eef7bb9592a198c77e81546626e25ec
SHA1

660e87ee13bf4b78408d61c9008687beb1198b4b
SHA256

a22784bec3f10cfc307953f7b636d6d8d739d6ba5a400b4db9a31fab89afd3bc
SHA512

885b26188dd6e5a0c5f0e91362a6c914c31d046c3175fcc692648f4f43c447cfa8a25eee74e656971ca1532a3184ecdea6ea73cc3357e9524d3820edfec83a7f
SSDEEP

24576:BDVeK7bHY/DS6wku4EmQKyMeRP7IYqsS/HdcoO9u+5w9M4a3cd:5ZjMpn6oOBcd

Score

10^/10

qakbot bb 1664184863 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

BB

Campaign

1664184863

C2

197.204.227.155:443

123.23.64.230:443

173.218.180.91:443

111.125.157.230:443

70.49.33.200:2222

149.28.38.16:995

86.132.13.105:2078

149.28.38.16:443

45.77.159.252:995

45.77.159.252:443

149.28.63.197:995

144.202.15.58:443

45.63.10.144:443

45.63.10.144:995

149.28.63.197:443

144.202.15.58:995

39.121.226.109:443

177.255.14.99:995

134.35.10.30:443

99.232.140.205:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Art.lnk
- Size
  
  1KB
- MD5
  
  3e712abd9cb09a0a0d53e64799ec49a4
- SHA1
  
  c157db07381026729102856a48ebcac1bfaba787
- SHA256
  
  f80e6b298c2db439ff392e3ef3ec0bff2d39157e109bd51424f6270dec6e270f
- SHA512
  
  f5bd10c6893c20adf815ba67fa62eaf448986c0be30ca1b6938c60e4588a3ee68c628f5c997c7921f08cdf951be25d32ff4c27765d512b09feb3481bf8ba1838
Score

3^/10
behavioral1 behavioral2
- Target
  
  banners/pungentCircumcircle.js
- Size
  
  217B
- MD5
  
  bfb027095d5b5b40e83e5c3d0a1606d4
- SHA1
  
  fedbf4499e6e3f2fd48ffac322ab0a3f11695620
- SHA256
  
  b995652edf10618007b777130c71244becd6ff173b96db3f9b3a4e2426f752f2
- SHA512
  
  e0e6821c2a95d88b5ad0a3d8f1305f46d5389f1b36e0dbbece7daed161746a9f90ad3c1adcff8365f6ba36bbfd9ecdb28462fa42f9012c7140e0e7d6a825351a
Score

3^/10
behavioral3 behavioral4
- Target
  
  banners/rabidGymnast.cmd
- Size
  
  44B
- MD5
  
  1ea9c3b3103df1bb6218d69c394757d0
- SHA1
  
  988444950591dcb679a2a4e8d386448cdb431ffe
- SHA256
  
  56b5e13a4af68bf98d53d98cb086e259a7f1c1b354d3f04c3839c8d8c5ee705b
- SHA512
  
  8a4c9248707a04e7adc87565c8198aec7b9e0063861e0d65535b759f584486395499ea7a68a83ddf5b53d26042b60f5fee7520e4aedf5632131c976d1543aa07
Score

1^/10
behavioral5 behavioral6
- Target
  
  banners/spryness.db
- Size
  
  1.1MB
- MD5
  
  e17ff4c8e0da566b6fbe6ce54101eee7
- SHA1
  
  ed92354f1a9500c9dc07dfe77e23d3193e905559
- SHA256
  
  0b353412e79686c5185dfdf185747e856f379c863ff41d82ce0ef4b69b31b747
- SHA512
  
  70b9b4f07b35cf617da318e79999d3593355c126d10ab01a30827cd0daaa0d0fe54bbc9ed8fce80372803573ad2f30ea30e177dbf9ca0eddcf4cafb87e081f30
- SSDEEP
  
  24576:wVeK7bHY/DS6wku4EmQKyMeRP7IYqsS/HdcoO9u+5w9M4a:wZjMpn6oO
Score

10^/10

qakbot bb 1664184863 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8