qakbot | 5578fbc2b70fb9c4a49bfb8b7b6fbe945febee193699fcc9c2aa46675d86f778

General

Target

Contract#6067.iso
Size

1.1MB
Sample

221003-snfnbscde3
MD5

6bc854cbed6886d1f9f805c60f1c3778
SHA1

fe875e37e98df087296d27a03428345035998696
SHA256

5578fbc2b70fb9c4a49bfb8b7b6fbe945febee193699fcc9c2aa46675d86f778
SHA512

5b7e49360f5d6f472f1755a28a83ab4016f3918d967cb142b9b5a3b813929a43084059c908f76d94590afc22b1cd845cd7d13697b8b6a23600aafb8ee2f5b229
SSDEEP

24576:OwFOHrwcwjHmvwiK7Jb0y/cT5SLz5EVl5DC4HDbdnuj3HH:OwFOHrwcwjHmvwiKb1/cT5SZEVjVbdy3

Score

10^/10

Malware Config

Extracted

Family

qakbot

C2

99.221.33.122:35602

29.202.180.222:51620

23.94.40.182:4331

34.19.16.166:1288

241.163.135.223:50051

32.107.156.85:19172

228.49.142.11:64889

196.202.140.31:7400

110.114.87.194:23019

217.188.119.28:9613

29.44.169.79:27952

169.83.63.109:46511

47.65.80.200:49855

50.140.194.100:14738

152.64.159.219:41214

12.255.117.222:36282

199.246.11.177:40851

81.180.116.241:1057

87.3.215.226:21496

247.44.83.206:32161

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Contract.lnk
- Size
  
  1KB
- MD5
  
  c86d26c6773f581a96cc5198ee12830e
- SHA1
  
  d85174dda21f5ef8f92efdd35d2a13c426e1768e
- SHA256
  
  6ec0ba7e0db0e097c729bf9cf80b270f0d8f7e7314cec7bf30b8c644f866e584
- SHA512
  
  e27d1f610673888d881b422695356678775d3673f937e2e897525319f6ff2751382d75a3c89e58ab71ebc45e586c357b8e2e832e9d4cd288638e4e83d4ebcc74
Score

3^/10
behavioral1 behavioral2
- Target
  
  publish/irritationTemperateness.cmd
- Size
  
  61B
- MD5
  
  5392444aa205e2fadda8b3c3daddb2ac
- SHA1
  
  aab7ed18ccd307c39eace15280d3a24be094848d
- SHA256
  
  ec9bed0d3bd243ae4db1d4c27642a363fa4f98dd13017f230cce0fb7324ed24b
- SHA512
  
  16ceda76610ac604d72be826a0e26622b41ff9c8acc50ec1b4fc5a0d3749d69c7cbab1c07a5dfa39ad4f063a3bd3f4ac1b236718afda28abd55988e50ad4e7e9
Score

1^/10
behavioral3 behavioral4
- Target
  
  publish/pebbles.dat
- Size
  
  481KB
- MD5
  
  d89521adaf6418e6ebe43b1a1a9d2af9
- SHA1
  
  38cac8495ef43e51cdac1cb5e85d10137b365bee
- SHA256
  
  1965dc57456d4fc01b6ce0f242d80776fe08a16354e6177255cba618348355ac
- SHA512
  
  703db1e11372070dbbabc8a96c8600f079273e4dfad4e5437a5fd4b046187cf9f24b47ad68fadaf3bcf7fb1dcad8ecf98edd299281938eb144c4c6c29d68461f
- SSDEEP
  
  12288:Y2X+B4HKFVxT5jXAcOf35HI9H5RGqdIhr54f:L5EVl5DC4HDbd
Score

10^/10

qakbot banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  publish/perfunctorinessRehash.vbs
- Size
  
  237B
- MD5
  
  f0d4ad5f3317320f8b85d38062a79008
- SHA1
  
  0d5a8b8067f68a9cd986502b1448dc040527089e
- SHA256
  
  c84838381dfad99dc6e26f0e413a38611feea4e8530abcee1b4260b82076551d
- SHA512
  
  934f7a16fb10ae8d57a275ccf12777b8e51cdbf402b3e4a51772ca810de7a442bdc5de6fcc768f04e928e78c78c987a270a26249879a728ff5b59d7f1884693d
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8