qakbot | 3a6b8763626bdb1f75071647e8efeb1623e24c3031beef34cf47ccd28e6fae0a

General

Target

Gallery#1691.iso
Size

1024KB
Sample

220928-pjdfmaghfk
MD5

e2e4dd889fe6c0c61496085de4193ca9
SHA1

a5ff9bfbfcb10acf3c602ba6e5f5ddaf6e98f0ee
SHA256

3a6b8763626bdb1f75071647e8efeb1623e24c3031beef34cf47ccd28e6fae0a
SHA512

a763e2e61120d4dd11cfa4aa8e91a71624ab9ca4fb545c643c9ed3299049315ff6f9e97594444e50e6aebbedbbe29623f8da6f08f388d7924dba84351f6c5f50
SSDEEP

12288:8ieL1vc1PdFjpmw5qS6xnGWvE/NIg5UT+QD1lNMAxH+wBOlOtHH8D1bYkNy:P81IFnqnvE/5w9MW+wzHH8D1bYkNy

Score

10^/10

qakbot bb 1664358901 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

BB

Campaign

1664358901

C2

179.111.23.186:32101

179.251.119.206:995

84.3.85.30:443

39.44.5.104:995

197.41.235.69:995

193.3.19.137:443

186.81.122.168:443

103.173.121.17:443

41.111.118.56:443

102.189.184.12:995

156.199.90.139:443

14.168.180.223:443

41.140.98.37:995

156.205.3.210:993

139.228.33.176:2222

134.35.12.0:443

49.205.197.13:443

131.100.40.13:995

217.165.146.158:993

73.252.27.208:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  GalleryA.lnk
- Size
  
  1KB
- MD5
  
  5c5c630b518d181866342f6cc243f432
- SHA1
  
  59fc0b31a3141e7490604417a04bc05b3dfd148b
- SHA256
  
  9b3825c8f51a81f29b4995506a6e5dea6f645634022c0172b943cf9d0f1fdb2b
- SHA512
  
  cc3b38484dad851685880937619775e504453601a0ed3442020b3e34272688e14e18eb7d2f82ca2d511fda4449f7ca2dadb4ed27bc3d5d00a71672bba059f4f1
Score

3^/10
behavioral1 behavioral2
- Target
  
  checkbook/area.db
- Size
  
  693KB
- MD5
  
  c05798268fcde7fbda9305a54389bb79
- SHA1
  
  72b49520e928a4d4c63b99d8bc68a45abc41cc88
- SHA256
  
  b9dd2d79e9b78f0d3f439c302f19b0bbec463f135701ab2ea99c27f48fa2eb1a
- SHA512
  
  8937282bbf257f0d2f2ab86ba4909b3ee8f69d2141b8e419cb245019a0dcd5964c38ab9bc3ada8ef75cbdee02ae05a0f69196d4fb6c4c27351b2e36f36f592e1
- SSDEEP
  
  12288:/ieL1vc1PdFjpmw5qS6xnGWvE/NIg5UT+QD1lNMAxH:K81IFnqnvE/5w9MW
Score

10^/10

qakbot bb 1664358901 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  checkbook/derailingEntangling.js
- Size
  
  225B
- MD5
  
  1e79354e2a3ff1cfc9a45f27a8454d17
- SHA1
  
  41480682270fd43f1335cc3ac098c9c34b097b6e
- SHA256
  
  4103d7d1c374d49801f1e64418604b15101dd836048e7e005452065894d00622
- SHA512
  
  6b1770cfccf392ae90316f749da94a430e96086726142b6a5a4a2f1613c67b4d9d3875b21059f4ff00881a1f2dfce28f7b9ebd762dd757af96059ec285ee38a6
Score

3^/10
behavioral5 behavioral6
- Target
  
  checkbook/leaguesDong.cmd
- Size
  
  74B
- MD5
  
  7f9c3d474150f4e7b438efd09836fe6b
- SHA1
  
  8d291bc66e760f5d2fa1384a9c0eb35c32189536
- SHA256
  
  864599871c7c59ca00e42042f6274a6dc19cad3f5cf6d51059f1cd5fbcadb6c5
- SHA512
  
  ac2a5865e09ddd998ae3b9a321be2c9fdd41c706bbb442d4402fa5a2523c48adee8d834417b6be5bb68a4a3a32599a61b10bc3518c1b13b1e5eb8068f04b9f01
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8