qakbot | 3513f92cf2b4522bb2b3a73b08c4f8f0992cade9ccbe53646e69a4ec1b940a74

Sharing

Copy URL Twitter E-mail

General

Target

Card#5027.iso
Size

756KB
Sample

220929-rx15ysbbd4
MD5

54c6cffb4daca8b4ab1e49d9edfb604b
SHA1

e039aa41ade32041cfe1c58f7ef0365bf761e0ac
SHA256

3513f92cf2b4522bb2b3a73b08c4f8f0992cade9ccbe53646e69a4ec1b940a74
SHA512

c9e2f177e6f9430f2a3841ef3b53fe7077ad2b3dfad8a3adfe32449da1841a9d1f9a714e838e67d93ff232479dae4b19c4ae9034caf46b563672051a41ba87fa
SSDEEP

12288:JieL1vc1PdFjpmw5qS6xnGWvE/NIg5UT+QD1lNMAxH:A81IFnqnvE/5w9MW

Score

10^/10

qakbot bb 1664358901 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

Campaign

1664358901

179.111.23.186:32101

179.251.119.206:995

84.3.85.30:443

39.44.5.104:995

197.41.235.69:995

193.3.19.137:443

186.81.122.168:443

103.173.121.17:443

41.111.118.56:443

102.189.184.12:995

156.199.90.139:443

14.168.180.223:443

41.140.98.37:995

156.205.3.210:993

139.228.33.176:2222

134.35.12.0:443

49.205.197.13:443

131.100.40.13:995

217.165.146.158:993

73.252.27.208:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  CardS.lnk
- Size
  
  1KB
- MD5
  
  f8288bd56b1c2c4686c81090402cb8ee
- SHA1
  
  5b0e44e14edb3fcc9afcccae0f545126265c2c26
- SHA256
  
  a151b0c334d8e10e93ff8b9c860b42d22d2fdf70da3a1e59905341bd15ac7d39
- SHA512
  
  5c0a6044a5363c8ced307da14b552df4789d24638a943c2cb908f06245fc2d1ef67937b691c4234c29504dcf8cb1768915429a2e1c014bda7bbce69719d07e29
Score

3^/10
behavioral1 behavioral2
- Target
  
  anticipations/armamentEuphemistic.cmd
- Size
  
  81B
- MD5
  
  db766acb624fffeeb377816cd700038d
- SHA1
  
  69a780c769d3fd4861cbf0cd30606ce781c96d50
- SHA256
  
  0dc634799592cd2e586c5c9ca7f3d7a9e16e48043f360b540913c5ad943051d5
- SHA512
  
  598980fc2152baebd98fc75e4b97932319489dbf3d7d91ecf43d37717860a508d934be598f36e555a2855be734d094285a63bcdc2f207eb80f57be6bc00969ff
Score

1^/10
behavioral3 behavioral4
- Target
  
  anticipations/gunfire.db
- Size
  
  693KB
- MD5
  
  c05798268fcde7fbda9305a54389bb79
- SHA1
  
  72b49520e928a4d4c63b99d8bc68a45abc41cc88
- SHA256
  
  b9dd2d79e9b78f0d3f439c302f19b0bbec463f135701ab2ea99c27f48fa2eb1a
- SHA512
  
  8937282bbf257f0d2f2ab86ba4909b3ee8f69d2141b8e419cb245019a0dcd5964c38ab9bc3ada8ef75cbdee02ae05a0f69196d4fb6c4c27351b2e36f36f592e1
- SSDEEP
  
  12288:/ieL1vc1PdFjpmw5qS6xnGWvE/NIg5UT+QD1lNMAxH:K81IFnqnvE/5w9MW
Score

10^/10

qakbot bb 1664358901 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  anticipations/stanleySquares.js
- Size
  
  256B
- MD5
  
  3a55113b1578278cc7dd4047bfeeb63d
- SHA1
  
  9d61475e11afb3a3141886cd005aff24c1832b11
- SHA256
  
  70a9a78fdd0945eaadd101378b0146a0ef44ef7b47a6f9efd7ef224cf9061b88
- SHA512
  
  42ba29a7f80e7693ef7308fc0f3ae9cac7ca85017dcf7c3f6814893a8aa8d6b1d4442d025033a69c2e650623cc87c538a0809dd3569ed9178971620b11e0d402
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8