qakbot | e72494d58a80a06fdf0ded1abee6bf23091aec41b6ab9ca4e2c37d10a6d0be70

General

Target

Card#6218.iso
Size

744KB
Sample

221003-wy3sdsaehq
MD5

2f832c79b0161734fb1dcd86bdb95409
SHA1

6f0bd5efc97bb63dc0f7d22905332db4b0d66308
SHA256

e72494d58a80a06fdf0ded1abee6bf23091aec41b6ab9ca4e2c37d10a6d0be70
SHA512

e66dc9d11edd15658220621febcb100798c992a82aff49deae9c2fda1dd4537a56ba79d7c01359d95c3879092c0e1b39583154f4ca8d94829f5994b5af7606f5
SSDEEP

12288:XzGUo9tIf1JUFR+NcGW4izhxSsB20HQ+n3VGo9lD0ZoggSVSK7tHs:XzG3QtiRgbWhbLdQG3VGonQo4tHs

Score

10^/10

Malware Config

Extracted

Family

qakbot

C2

75.116.87.44:14933

64.55.103.194:9151

80.214.68.88:40730

97.184.129.40:2118

216.44.143.70:26851

239.39.127.10:38876

57.33.10.57:17737

201.128.252.151:58865

211.76.239.250:34506

124.58.65.86:13247

41.8.154.58:7614

6.55.240.195:27003

139.242.121.12:23370

8.81.30.103:64297

168.13.24.67:37382

17.219.125.20:59669

136.66.66.194:40287

63.172.177.141:57252

195.44.25.26:29277

67.212.106.154:59890

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  CardS.lnk
- Size
  
  1KB
- MD5
  
  ae8ecc7287439157dac02a6a7d23816c
- SHA1
  
  4782bd0e164db8a1d9ecafac9228a263f04091d5
- SHA256
  
  af521257a74f32d890f81cbb8e057f335db17f91ee2e1f0306e1a17c005621ef
- SHA512
  
  d7cfe1beabe23135fa242ee9c44d7457981d177e251fd2c8461a0ee6b82aea8b36346b2d538aed68876c1aa753f2bca2c5a5d5aa04f26e95290d9a4c0ef7dcb1
Score

3^/10
behavioral1 behavioral2
- Target
  
  brickwork/constantineEquestrians.js
- Size
  
  156B
- MD5
  
  da2265ec07bb520a5a37f6c7296c2ed1
- SHA1
  
  ad8c62d9c7110f6408d673be67908d89ed408d68
- SHA256
  
  3ade2ee2fe00df869ba2cb69c2c3541bb2134534aed28201b7e11dbec59b7bc6
- SHA512
  
  d11dfa3999cc7ce1e2937fcc6c1db9f963d3ce3b16c1e89a2c488f069df2a64544e656fefdeac4730cf09aac22cb67eaa73bbaea4272d9c8bbdb92a2239565d4
Score

3^/10
behavioral3 behavioral4
- Target
  
  brickwork/rhinitis.db
- Size
  
  653KB
- MD5
  
  8f2fb30e75a8434382eddef86ecda768
- SHA1
  
  dfb888ddad9c2111de010532f2539b9fddb99e7b
- SHA256
  
  27fbfb86936343fc18bb61811401c96c052ecdff080da3bdb403545d55cf2b2a
- SHA512
  
  a4f0707562157666143a20860ca1d3d8a49f9ffba79b7066361a35beba4488c81e0a4822bd9bdf7a6c7028c7aa066d2f295a36890577d2b4ea9b3da66adbcbf3
- SSDEEP
  
  12288:DzGUo9tIf1JUFR+NcGW4izhxSsB20HQ+n3VGo9lD0ZoggSVSK7t:DzG3QtiRgbWhbLdQG3VGonQo4t
Score

10^/10

qakbot banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  brickwork/scoffersDebate.cmd
- Size
  
  141B
- MD5
  
  a2b453e79bb7cad23b8eae34d76a75d5
- SHA1
  
  57632ef9f9bb9b6af039f8a2f252a76fea9e5f06
- SHA256
  
  4e5f6c6e554f1f2599628ff983ccf820c071c06bfff59c78d8187865dc9c1da3
- SHA512
  
  bb550c93a3515cd4476a31ff4f2775e9a434af6e1ae5605882b4a8dcd6e8609e3da2f65d5d1c396a9a5ef8d61932705cdf62e35e6f17109d4d358ff0735b1459
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8