qakbot | 379adf27eae21d4cca037c8fa07c817ba75c2e9a9fdd4cfd938a630903f57024

General

Target

Art#4197.iso
Size

1.2MB
Sample

220926-yq2lgadacq
MD5

5af0c32f98618b19207e4187dcdcd2d9
SHA1

0d85f8a0490eea0e28a4634276dccaecaabb7202
SHA256

379adf27eae21d4cca037c8fa07c817ba75c2e9a9fdd4cfd938a630903f57024
SHA512

538a81a38a35a9265f6ed28738cee592366cae47922c825a12b4cecfcb42fbf09b4d18e6d752b693383b452fe33310fcec84250b2ea3c385176099f13dd8a81e
SSDEEP

24576:Kvcd7VeK7bHY/DS6wku4EmQKyMeRP7IYqsS/HdcoO9u+5w9M4a:Gcd7ZjMpn6oO

Score

10^/10

qakbot bb 1664184863 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

BB

Campaign

1664184863

C2

197.204.227.155:443

123.23.64.230:443

173.218.180.91:443

111.125.157.230:443

70.49.33.200:2222

149.28.38.16:995

86.132.13.105:2078

149.28.38.16:443

45.77.159.252:995

45.77.159.252:443

149.28.63.197:995

144.202.15.58:443

45.63.10.144:443

45.63.10.144:995

149.28.63.197:443

144.202.15.58:995

39.121.226.109:443

177.255.14.99:995

134.35.10.30:443

99.232.140.205:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Art.lnk
- Size
  
  1KB
- MD5
  
  b7acf60727397aca340de2875aab4cf4
- SHA1
  
  3011f6229a5a0a23f0a7be1ebe7ddc54d4ae6729
- SHA256
  
  83f01eb6602de809181ce0b7b5e307427a75565f12893715bffd201176b3ed85
- SHA512
  
  fea6e4c6f3c66494a189dcb7e1721b4402952101ae3d699827cf6da8115b7725b5af5076609829e5d01c563f7ab697a4984dcd582ff94abf8f8432bdab3e7dec
Score

3^/10
behavioral1 behavioral2
- Target
  
  banners/accraAudits.cmd
- Size
  
  42B
- MD5
  
  21962533210be1f0c30c9abbfe622620
- SHA1
  
  52662b94261990ab67bd56cdea12212884dc12a0
- SHA256
  
  9b39416766b1d1432a1e99283a337e2b8196c75cd1e43537054a306bd68faa59
- SHA512
  
  dafcd6cfb1dbb1769db89b5f3cf3c0a49149913646cbebcc7b7d47e59716a26fd7bf2ad3e6071044df3f4347dec415b24d0d26888d02cbeb3118317426d2703a
Score

1^/10
behavioral3 behavioral4
- Target
  
  banners/appendicesMuddleheaded.js
- Size
  
  210B
- MD5
  
  b5e184edc62f7c2336c76263b46e9dfe
- SHA1
  
  06acac96723cbe2c838fee39b1eff790c5b7e5bf
- SHA256
  
  a20e5795f2dbe525b1eaa3755aea1918e80e07c844ff0542c0c2e08d8566d482
- SHA512
  
  cc4494859564f8f629486b56489e61cfb2bf8cc4dd5623f33835068b3fa08e1bc88d8eade68c0bfa5d391d74a5c3be3585972e84b774d0153167dd0ab16b5d17
Score

3^/10
behavioral5 behavioral6
- Target
  
  banners/wisest.db
- Size
  
  1.1MB
- MD5
  
  e17ff4c8e0da566b6fbe6ce54101eee7
- SHA1
  
  ed92354f1a9500c9dc07dfe77e23d3193e905559
- SHA256
  
  0b353412e79686c5185dfdf185747e856f379c863ff41d82ce0ef4b69b31b747
- SHA512
  
  70b9b4f07b35cf617da318e79999d3593355c126d10ab01a30827cd0daaa0d0fe54bbc9ed8fce80372803573ad2f30ea30e177dbf9ca0eddcf4cafb87e081f30
- SSDEEP
  
  24576:wVeK7bHY/DS6wku4EmQKyMeRP7IYqsS/HdcoO9u+5w9M4a:wZjMpn6oO
Score

10^/10

qakbot bb 1664184863 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8