qakbot | af68690b3aee630f2e758a88fee6cfc27dfd1663635aaa5c23652a41576a993e

General

Target

Learn#3247.iso
Size

616KB
Sample

221003-nfjmssdfar
MD5

78a7b3735745a016890452cfa4a0a48d
SHA1

3c4f2beb31e7f8ff9bcc2d63955500d23ea343fe
SHA256

af68690b3aee630f2e758a88fee6cfc27dfd1663635aaa5c23652a41576a993e
SHA512

92d37e73cda36bd1a4100fe50b12d350207f45efc13f44d9dd7b50320c6548ef35c9f7548698d1f6cbdbdfd8c09a15a1bf34e81307abfddcd36a8481d4db5d8e
SSDEEP

6144:piNznfIiXRVvxXR+09XLbbZR6/AOfJClL+VNWXpImIQ2lDulxbcNzXEjchLTaZbK:pilfZV+0tLbsj6L+V4HZfZvgWr6

Score

10^/10

Malware Config

Extracted

Family

qakbot

C2

75.116.87.44:14933

64.55.103.194:9151

80.214.68.88:40730

97.184.129.40:2118

216.44.143.70:26851

239.39.127.10:38876

57.33.10.57:17737

201.128.252.151:58865

211.76.239.250:34506

124.58.65.86:13247

41.8.154.58:7614

6.55.240.195:27003

139.242.121.12:23370

8.81.30.103:64297

168.13.24.67:37382

17.219.125.20:59669

136.66.66.194:40287

63.172.177.141:57252

195.44.25.26:29277

67.212.106.154:59890

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  LearnS.lnk
- Size
  
  1KB
- MD5
  
  8f11a33693a0995e0f61b2696adba6b1
- SHA1
  
  5c7f254930bbeb55045e7d3272f41b2f2e4465e6
- SHA256
  
  6d63d35da63c187adb9402a1a25a89fc3048b2e5f317e7f6f47e5f3e4709057a
- SHA512
  
  23cda9e4e2baf4564517933fa113b3896e3de5342259ad43862ac25366caf1c4a73815a00e2bf6bace951d7489eae4a03a2f9af759236540e5bf2ad142d66047
Score

3^/10
behavioral1
- Target
  
  assaulting/binders.dat
- Size
  
  379KB
- MD5
  
  7512d5f067159b8656db56e7ca0676ac
- SHA1
  
  751ce3feb83e8201109a3db61049a4fd7ac07f62
- SHA256
  
  b581c1df89df87359786a32ac8f4fcdc804b39447ffdc37d865082d761bcd1e8
- SHA512
  
  acc3072da39d527a102108a9e0c18ab030836b38095bd13ca6e9a18addba7cd61500d568ab920023d43abdd3eba599bf62151eaea7f2add2a78c98a638bb10ee
- SSDEEP
  
  6144:XiNznfIiXRVvxXR+09XLbbZR6/AOfJClL+VNWXpImIQ:XilfZV+0tLbsj6L+V4
Score

10^/10

qakbot banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral2
- Target
  
  assaulting/deliberatesCinching.js
- Size
  
  233B
- MD5
  
  62bbbdd901e85e397fae9b5af9811f6e
- SHA1
  
  c69aa52255093a8153277726018e344dfd50e799
- SHA256
  
  7ae9197b741bc5a4a261c2d4a4e72c6f26e2f6e5b522709e62e730ddf99ccd2e
- SHA512
  
  2b89d76d1ca2568e5394e9a1b80553efaf9c8a9c56dd21dd4bc6af27a7d4973b2faef1c55e35e3528900875526083ee9a3ade9f3ffef89fef258653fbdd779b8
Score

1^/10
behavioral3
- Target
  
  assaulting/hypochondriasisArtistically.cmd
- Size
  
  116B
- MD5
  
  56affb6986f41cdb18559225419267af
- SHA1
  
  af691967f47f57491d8e4ec280fe4dabafb24015
- SHA256
  
  3696204a699cfca4e2ef8e76632fa4a70372fd0610885178a5ff9928bc52c4e7
- SHA512
  
  3cc9215f55c809ac4e842193b25729fe61febce7ef71ff87768fa1668205d403c558847075be0d7fd9193cf4d4537ef5b60161f516c1fe8ccbe58e979ce0a3a5
Score

1^/10
behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4