qakbot | c7526982795b253ca98735855ee776d0ece5df8a4aa1e5b4ed06a32f2017fe51

General

Target

Art#5501.iso
Size

1.2MB
Sample

220927-rt9mxsdff2
MD5

d0c0a1bc285506be2a5fffcdfe2dbba4
SHA1

64425b839bd067400b0d43a9a75cc2e0a701be1d
SHA256

c7526982795b253ca98735855ee776d0ece5df8a4aa1e5b4ed06a32f2017fe51
SHA512

63f1ab3bea3a1e67f2461bdc5aa86dc97aaff2af516166523152467e88bf318259a3c6171105101651a2fa8c2185c6fb06cc7328a5edad5172decf43c0b48851
SSDEEP

24576:tVeK7bHY/DS6wku4EmQKyMeRP7IYqsS/HdcoO9u+5w9M4a2zcd:tZjMpn6oOQcd

Score

10^/10

qakbot bb 1664184863 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

BB

Campaign

1664184863

C2

197.204.227.155:443

123.23.64.230:443

173.218.180.91:443

111.125.157.230:443

70.49.33.200:2222

149.28.38.16:995

86.132.13.105:2078

149.28.38.16:443

45.77.159.252:995

45.77.159.252:443

149.28.63.197:995

144.202.15.58:443

45.63.10.144:443

45.63.10.144:995

149.28.63.197:443

144.202.15.58:995

39.121.226.109:443

177.255.14.99:995

134.35.10.30:443

99.232.140.205:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Art.lnk
- Size
  
  1KB
- MD5
  
  14ca6c3a95938ebb2721657f926d364a
- SHA1
  
  e2b75ec8ba932b7ae8e4eaa4e570c34ae60fa87a
- SHA256
  
  e67c5fcf2a940b6923aafb4b6eae6a9528429a27f26c2d38c647df02c1b29c00
- SHA512
  
  f1d06d86c0d1b7c403372c8cf3f6392c72698be4be200f2613a25bd276b4a6f56877b287473cdc3777bf7a271bec6040b71cc39c4b23c4de28c912d4570f09ae
Score

3^/10
behavioral1 behavioral2
- Target
  
  banners/inviolability.db
- Size
  
  1.1MB
- MD5
  
  e17ff4c8e0da566b6fbe6ce54101eee7
- SHA1
  
  ed92354f1a9500c9dc07dfe77e23d3193e905559
- SHA256
  
  0b353412e79686c5185dfdf185747e856f379c863ff41d82ce0ef4b69b31b747
- SHA512
  
  70b9b4f07b35cf617da318e79999d3593355c126d10ab01a30827cd0daaa0d0fe54bbc9ed8fce80372803573ad2f30ea30e177dbf9ca0eddcf4cafb87e081f30
- SSDEEP
  
  24576:wVeK7bHY/DS6wku4EmQKyMeRP7IYqsS/HdcoO9u+5w9M4a:wZjMpn6oO
Score

10^/10

qakbot bb 1664184863 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  banners/rehearserAnointed.js
- Size
  
  234B
- MD5
  
  3ce10f1d36756019dce64fac74317796
- SHA1
  
  04dd4fc72402a4ede06301e711aa2fd4a1d1b9b7
- SHA256
  
  5ec397dca5c2eec499956281e1a311cc3f2ee63eefcc522cc73ad2d23b76c51a
- SHA512
  
  9fdc544571e237ce2cc319d99e69d04bdfdb22c5fb032ac4c1c767b7d8fa2b7880fc959d41e77d79e9f5f8fe15523e8a7e1177cbcbcd549a46953fc5edb3592f
Score

3^/10
behavioral5 behavioral6
- Target
  
  banners/unservicedValedictory.cmd
- Size
  
  49B
- MD5
  
  c1b83ae08bcdbbc4153e6eb25439557b
- SHA1
  
  d2354e4754d779d69869fcd72dd0f3b6a8d7323f
- SHA256
  
  b95bb0f147663ce4a570f41d58a8947cc83997618203ea88a42e827e0bd2e7fd
- SHA512
  
  8eb970d93685950eac9603f80fdcd9e777c4138cad234f04a4de652fc989b7445f04bcfab87ec4a309c9243770ad2c64f504177aa16d3d0404a968922efbd594
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8