qakbot | 828bad7e274eedb55293922dc78d8abf6a70b3c4c615bf9097d65466fb187877

General

Target

828bad7e274eedb55293922dc78d8abf6a70b3c4c615bf9097d65466fb187877.iso
Size

1.1MB
Sample

220930-sdblmadhe6
MD5

fb3f760a7057f01408e9abaae71dd254
SHA1

a11ba66a4f8f32ab1f17a932580ac061c9d3beaf
SHA256

828bad7e274eedb55293922dc78d8abf6a70b3c4c615bf9097d65466fb187877
SHA512

fa936cb73028baffca71312cf1a402f03c01ca521a65b81186f82c08a58ba928ea97b43a1484dc6633661d6b747ec66b3bd37f70689954fd76ccd60b4bb8551d
SSDEEP

12288:139yPbTonRByskGoWHwa0nZXKlhb/H9TT+iTojfQCA3kptT68JtQzB5UT+QD1lNm:139yPbToWnEjYNAeh4X668Jc5w9M+a

Score

10^/10

qakbot bb 1663774884 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

BB

Campaign

1663774884

C2

70.49.33.200:2222

181.118.183.123:443

99.232.140.205:2222

31.54.39.153:2078

173.218.180.91:443

193.3.19.37:443

134.35.8.88:443

41.97.152.42:443

70.51.132.197:2222

41.111.74.35:995

189.19.189.222:32101

105.156.139.150:443

217.165.68.59:993

119.82.111.158:443

111.125.157.230:443

125.25.129.70:443

197.94.84.128:443

177.255.14.99:995

187.205.222.100:443

190.44.40.48:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Contract.lnk
- Size
  
  1KB
- MD5
  
  0bd43995bc1298e458c83b5a49f021d1
- SHA1
  
  a8dd3aa6bc3e93e211f43a5a79de715edce3d7ab
- SHA256
  
  dda4d791e4661a84677cf8ba9f3eadee8b4df760a232d524fcb9277ef3dda9bc
- SHA512
  
  adf3dee1fcf50629d7248c88a4e997a63ffe3b217172f93b03f6fb54a79b19bd935d9159ab9faad7e410452eb6ca88f60c01cf9dc232007e422f445e91da2b47
Score

3^/10
behavioral1 behavioral2
- Target
  
  unbelt/invalidDissertational.cmd
- Size
  
  158B
- MD5
  
  ec073a8d41f5d3784b35eea3d27faab3
- SHA1
  
  bde5e20805de39893f3711daad7418ecf15edb93
- SHA256
  
  70b753e887491989054d9ebe904c266ea043cd10f819259942a8c9fa2fd4a137
- SHA512
  
  740fa5a866447eae276b65af80640b4bfed8791cc0642676387047de12805fd2776aad2a4560b470cc3ec9a793bcc97ab39d000a1dfc35bbfb00132c539d107e
Score

1^/10
behavioral3 behavioral4
- Target
  
  unbelt/laud.db
- Size
  
  849KB
- MD5
  
  747a50a101b528a155c8095f1aef0230
- SHA1
  
  7a8c734481c95117009c57c8c81e077a2a5c5d96
- SHA256
  
  01fd6e0c8393a5f4112ea19a26bedffb31d6a01f4d3fe5721ca20f479766208f
- SHA512
  
  d5da3700be5c84bcb3bd3700f48d021c4fae0b0c64e8cc8fdf06d8094a4d3a497acf2fafcc05b0f6dbfa2e3e7be6d0b62c08f0328808837791ec586b7a690582
- SSDEEP
  
  12288:VByskGoWHwa0nZXKlhb/H9TT+iTojfQCA3kptT68JtQzB5UT+QD1lNMAFa:SnEjYNAeh4X668Jc5w9M+a
Score

10^/10

qakbot bb 1663774884 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  unbelt/windsorOrchids.js
- Size
  
  181B
- MD5
  
  ea62509056ba9dc0f1c8a71cd884cce4
- SHA1
  
  6f88eed6919dda2b7ee6c1a1a7bb6330ab08d865
- SHA256
  
  2276a3b2710d8f8abd3ee60b77bd7ce94f7e6ec1ac303b039bd1b124eb81ab99
- SHA512
  
  8692d849c99cb3184d50466210eff4e9ac9442c3aa77fd435b5013f6535a47875f99ba3353458f970fb338d9d71ab806fa9065f681a14e68ea8672266fb9f431
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8