qakbot | 3779825c15074aacb4cf1b90563e320eed874797b2e2b91790d8909374a7be02

Sharing

Copy URL Twitter E-mail

General

Target

Accounting#2063.iso
Size

1.4MB
Sample

220927-vm58psead5
MD5

a0eb93bb9ec1b80c9b31765f7f55d796
SHA1

9b53809ad7c73e9808c06087967551474909ae29
SHA256

3779825c15074aacb4cf1b90563e320eed874797b2e2b91790d8909374a7be02
SHA512

0fa3602ce6c25b29f9938e415d1577650bc0dd345a0446784699fbbcdcf0b39b8ef9b9b7fe8349191541aa913575bf262da8017b537b984f6ae1fcac2c7440b0
SSDEEP

24576:PsdjcM+VPl57rJCnz6zTz+qAl5w9MAXz:6cM+htOqP

Score

10^/10

qakbot bb 1664292185 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

Campaign

1664292185

212.102.56.47:443

189.189.89.32:443

85.245.143.94:443

110.238.39.214:443

185.233.79.238:995

85.94.178.73:995

193.3.19.137:443

193.254.32.156:443

154.237.49.4:995

41.104.77.244:443

181.206.46.7:443

186.16.163.94:443

75.71.96.226:995

179.111.23.186:32101

41.97.65.83:443

41.105.89.30:443

85.86.242.245:443

181.105.32.5:443

197.41.235.69:995

103.173.121.17:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Accounting.lnk
- Size
  
  1KB
- MD5
  
  0935aaea15ed972fba8e0979e5412bf7
- SHA1
  
  d8795312e5f49e42bc587c3b93c97724bc8a7d2b
- SHA256
  
  51deb99d0cb6d006192e0c7bbb5c8998ecd296ac9b9d438d7a5ca4d73d3c74ee
- SHA512
  
  2d0498caf5d81ef4c2642a4a5306a70feac83757e97327d228feb4cd3a64861d18ef05b13a7baed5b8c4ede20ba92ae148dc09a7c9e70f986aeb9175583ca93a
Score

3^/10
behavioral1 behavioral2
- Target
  
  maliciously/dosage.db
- Size
  
  1.1MB
- MD5
  
  f533e6c66d8a458c97c2bd408757d481
- SHA1
  
  1e75151f247c76c7de272d20138aadb921323fba
- SHA256
  
  b7e432ebcbff1842f6639e6cc8ba2cca6a7ebe6374d40fda88b9de0fa920b225
- SHA512
  
  05bff106715af50eda60e2f9fe5347b6585ab53830d7bd7fb1a08820d87324cff770fd9e07f2d1273f2a461748a84a262f2060332a8961456e672c983aebbc62
- SSDEEP
  
  12288:hTNDT7Pi5+57H2VR2J4bi4XXkM6ZlPK9912W0TFz+L2AUn0jggyi5UT+QD1lNMAL:ZVPl57rJCnz6zTz+qAl5w9MA
Score

10^/10

qakbot bb 1664292185 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  maliciously/enigmasLocations.js
- Size
  
  215B
- MD5
  
  dc2afb83c95a56f4f7aa03ba28803faa
- SHA1
  
  b8073edb7e61316e177d43a73c51987771459c9b
- SHA256
  
  03f8e1647a1a034c4dc93883814d4dec57faa869113f565491dabbf006f8f115
- SHA512
  
  28bb081bb56a369d39fd2dac070aab282acc6984bd19316b29d09587362b36df362be12abb3798d817b0e068561648716285879b16f1d30f234f7d123603bb07
Score

3^/10
behavioral5 behavioral6
- Target
  
  maliciously/preponderateSworn.cmd
- Size
  
  47B
- MD5
  
  f3be6c6022c715ef39497d275a56f678
- SHA1
  
  ea85d8a7cdb3e7cfee4994f2e503431b77de288e
- SHA256
  
  87717e711aacf670b0e8c8d1c90b376e6431ff233f4f6b38d1c19ae1c394739e
- SHA512
  
  bb5064086f233f721d7b14537bf492652fe252798030c09e70bf9bcad85042df92d5a83d7faf8ae48bb1254828c3e45e9516d678e74f1eff13f17d3d34d9ecde
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8