qakbot | 765238af5901e400e41bd70e0f67e772f77ef290caf6bdf448bda970ebe62dfd

General

Target

Postcard#2542.iso
Size

910KB
Sample

220930-mpdmgadcf9
MD5

f9552781ddf9912e504dea3924d95c29
SHA1

d26d342727c05253ff74d772bb742e9884f953ad
SHA256

765238af5901e400e41bd70e0f67e772f77ef290caf6bdf448bda970ebe62dfd
SHA512

cf16aa0478b4aebb8a9983377576a36d4a992c4bf1e36e84e7c356756b70ac4cfa82bd8a2d100bda2740584fc4fa9ed15d882094cb5ad3a84addf61b17f1040d
SSDEEP

12288:+gzbVZi2QWig2MHuNyRncmIETn8cxvOBOYHHbwBOcIOrDgHHH:hzggrz6mJTnR+HHbwhDgHHH

Score

10^/10

qakbot bb 1664437404 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

BB

Campaign

1664437404

C2

113.180.55.111:443

58.186.75.42:443

105.184.56.118:995

196.206.133.114:995

80.253.189.55:443

193.3.19.137:443

41.104.80.233:443

49.205.197.13:443

186.81.122.168:443

216.238.83.82:443

216.238.83.82:995

39.44.5.104:995

196.207.146.151:443

216.238.108.61:995

139.84.167.18:995

139.84.167.18:443

216.238.108.61:443

149.28.38.16:995

134.35.12.30:443

131.100.40.13:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Postcards.lnk
- Size
  
  1KB
- MD5
  
  1d4df8edae1edefb8c15e76fca459b70
- SHA1
  
  fe07303014ce86cb5769ba8c2b402fb9c859b5a2
- SHA256
  
  ec64aa131d20e762fdc61055121c872e96fd163aa40c6f477255f01a256f9b20
- SHA512
  
  b07fc3beef7a84c37de1b7ce8302778d49df89d86f421218a5b6ea086e5d8faa8d687240b0bff3d1106d1e6287e92fd7a3277315b34d436d46c98a469897c80c
Score

3^/10
behavioral1 behavioral2
- Target
  
  plaid/croaks.db
- Size
  
  594KB
- MD5
  
  3dc3f269b9a89b2d7ea8249d4644a900
- SHA1
  
  b9075c67730f2a0d3b65f07663f300cfaff19011
- SHA256
  
  af1692ced38f5fda305b35be66774822900a0b9617102db4b3da5f7c97f70e3e
- SHA512
  
  f1377d49c9ff7dde7bd138d38a097612298f4215aa8461b9e0fe748c238de577e8f4eb134428300961b1618e018c2e8c0128923f3e8f6cb8fd93738fb264ef89
- SSDEEP
  
  6144:sEUrgznbtvSaoyH0+iN4QDClgg9Q6STFOPHuC0AO+jZrR:CgzbVZi2QWig2MHuNyR
Score

10^/10

qakbot bb 1664437404 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  plaid/disbarredJudgeship.js
- Size
  
  229B
- MD5
  
  0c5fffec1e8aa036ac664972ee2a5e19
- SHA1
  
  9e6ec90dba8066ee9e4d4338cde2db395447b513
- SHA256
  
  15587d750be6981b98f00df933f19a7b02e221c0f5d38d8fcc75f9d83e15c22b
- SHA512
  
  167b0fa6d8485c11c0e233d73a02043495a1e5786b37235fafb8c5aec995c3e4cc1fb6c499786298ece1585eb3ab9090322c65e150aee0f0c70cab05490b8543
Score

3^/10
behavioral5 behavioral6
- Target
  
  plaid/flounderingCores.cmd
- Size
  
  111B
- MD5
  
  e284b60daf806c0709445f11c49f294e
- SHA1
  
  7df8df799bebc07a638aff231ab2f00482add291
- SHA256
  
  8b95f14a04e8337f3c0d9c8b84b5cbab66e8ed71b3bb24277b72bec64fd8cf66
- SHA512
  
  fc1f873041282d6d80e688743fdfd4ae6f2fd33f98f9f8263676109d455c6f34762ee5c6ff627a5111a58c1f1ca6c1749da5ab8fda447c347aa2ec2ca49934f2
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8