qakbot | 097cec8157b431788ad42cf5d46629b2508897b51301935926dcb58079dfbe3c

General

Target

Postcard#3134.iso
Size

654KB
Sample

220930-n33zysedcp
MD5

653a8fed3f0284ced5fbf7f2772efa6f
SHA1

1abfc822ccb711581b8cef2cc4b5ccb793d2f1bf
SHA256

097cec8157b431788ad42cf5d46629b2508897b51301935926dcb58079dfbe3c
SHA512

37f647bfdd2477c373159b4b960f1e0fbbf80d60e93994613490bce52c134ad8706343091646c8b313ffc12f5503731866cb64103dc0563648612e7eea90f78b
SSDEEP

12288:jcmIEwn8cxnNs6LjjAw5cwimXujHxiVNYKMOBOYHHbwBOcIOrDgHHH:ImJwnRI6mHi/5HHbwhDgHHH

Score

10^/10

qakbot bb 1664437404 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

BB

Campaign

1664437404

C2

113.180.55.111:443

58.186.75.42:443

105.184.56.118:995

196.206.133.114:995

80.253.189.55:443

193.3.19.137:443

41.104.80.233:443

49.205.197.13:443

186.81.122.168:443

216.238.83.82:443

216.238.83.82:995

39.44.5.104:995

196.207.146.151:443

216.238.108.61:995

139.84.167.18:995

139.84.167.18:443

216.238.108.61:443

149.28.38.16:995

134.35.12.30:443

131.100.40.13:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Postcards.lnk
- Size
  
  1KB
- MD5
  
  0f098b0bebe0f1860242aea3c4922a13
- SHA1
  
  d88f3831e7028f9a510af2b37e6dfa120c5013bb
- SHA256
  
  916a3d128520a1f8d51dc12a851f3830e4b0af48789185a5e0898aae720ff1fd
- SHA512
  
  036a8862b15ded9081a992677d8740db73285c3ba5df7f25b1a488cd48f5b20f49569dd72b1bdc937f855361d3e4a17e81d5762d20fde101304f7102788cff6f
Score

3^/10
behavioral1 behavioral2
- Target
  
  plaid/renovations.db
- Size
  
  336KB
- MD5
  
  d436df7179db1a851d7a74b68ae072b4
- SHA1
  
  f2bbce952c21e72c979cb9115a588a3dd22396cb
- SHA256
  
  e07f8ef4cdd69603a4ec2a21524b1236724cad1f3dd527ade09cbdb4b9cb74ef
- SHA512
  
  d71a94329b4250013bf9c5bf9e5373a220d9dc51a97e14ec947b242b048264b09aece6832239edd151d33bf698ebf84dae4c50dfb83af199b6dde0b20a9f893a
- SSDEEP
  
  6144:Ss07Ns6Fpqn3Kn/NjAOyme85N6w0ZmXp8jwkGU99WOUNeliVNYK:0Ns6LjjAw5cwimXujHxiVNYK
Score

10^/10

qakbot bb 1664437404 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  plaid/reversibleDependable.js
- Size
  
  221B
- MD5
  
  0f40d9a9e0d05a17daa35d96d3a6ed26
- SHA1
  
  5034876339a3247429396bd5351f21bca8531fa2
- SHA256
  
  198567711c4d99b2f1e09b596f11d08f8d09feb5cb2d00c43d9e9e54503967b8
- SHA512
  
  46f5773cfb6008073609b4768d6fab8df8eea4d3c2dc547b2d6788039faa7d2ce67189b3f28c77aae60a128176c3a1fd4ef3f45923cb2f7f324d64eff81bca5c
Score

3^/10
behavioral5 behavioral6
- Target
  
  plaid/trusteeUnhighlighted.cmd
- Size
  
  110B
- MD5
  
  eebc184a3e4cf3eb944bb2701186f03f
- SHA1
  
  ee4cd07f9a6e634d69d34ee9e0842957fbfcdeaf
- SHA256
  
  8e0031a986ebd71a87e51fbe63de56d5fdeb305c59f7b99e614c527c92d4956f
- SHA512
  
  c28f12619af959f7c9b117380fb847f01d464db21830e9472339a7c27ad198e1c94e7e75a9c5ef11a89cf43a964e1ff56a776cd2739ac38d789bb9b766811b95
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8