qakbot | 746dec037c074881909daa004f52d1b44572ad36f54ba4fce21f17252143d905

General

Target

Contract#9584.iso
Size

1.1MB
Sample

221004-knrftsafck
MD5

acbc54d598de517eb99fac3a4d771401
SHA1

0a781971df67d1eff3d848a91eed9ab749e4c889
SHA256

746dec037c074881909daa004f52d1b44572ad36f54ba4fce21f17252143d905
SHA512

9a12e4f20adabed0d6cbd6d4a1605b4061fa4818ede6e2b2fe3e3744cebc2e73c4098d426e22be2d1d496ba3f3f5c1d9a4b64e6702e0f75120075c15e340eb3a
SSDEEP

24576:uwFOHrwcwjHmvwiK7Jb0y/cT5SLauj3HH95EVl5DC4HDbd:uwFOHrwcwjHmvwiKb1/cT5ST3HHrEVjv

Score

10^/10

Malware Config

Extracted

Family

qakbot

C2

99.221.33.122:35602

29.202.180.222:51620

23.94.40.182:4331

34.19.16.166:1288

241.163.135.223:50051

32.107.156.85:19172

228.49.142.11:64889

196.202.140.31:7400

110.114.87.194:23019

217.188.119.28:9613

29.44.169.79:27952

169.83.63.109:46511

47.65.80.200:49855

50.140.194.100:14738

152.64.159.219:41214

12.255.117.222:36282

199.246.11.177:40851

81.180.116.241:1057

87.3.215.226:21496

247.44.83.206:32161

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Contract.lnk
- Size
  
  1KB
- MD5
  
  6f2867e34767311cd70ddf3389a48ce9
- SHA1
  
  6176ea76bd05dc0eae3d08901f71d43ffbf10900
- SHA256
  
  a5e09d2ed67d457f6609c99b35db023956e0e3431e4bf0fe3bc866921233ae2e
- SHA512
  
  817560b0c1d798136e7a80c9cd3b2e14574589080989593ea48671ee70a37a9af42ba35a315e65f1abec50ef84e6981f662f884aa83b1cfcf84faf8d0f6efdcc
Score

3^/10
behavioral1 behavioral2
- Target
  
  publish/carloadsSingles.vbs
- Size
  
  209B
- MD5
  
  1ca57b1e87d815db7ef6bb0482fee637
- SHA1
  
  4662b1021b7ba4913a9500cff082f5062b0697c5
- SHA256
  
  4fc008e043d6e3bdc91d3111f086c2cce2fa097a9c8a9c8bcceb790ab1ab5bde
- SHA512
  
  5e55c99101937ee60fa050a89b58df1a9da3391a3cfbdf82979ae9694261ad8bd1f2f31ba6983a6e6a2a52ab36e816957a8d4d32e8d103d4ad5f516ebfafaada
Score

3^/10
behavioral3 behavioral4
- Target
  
  publish/denunciatingShackle.cmd
- Size
  
  60B
- MD5
  
  78a66bc016a34e7316345561686bf3f2
- SHA1
  
  ae41cccdc8874d7130bffcd200ca15b516210f1d
- SHA256
  
  bffe9eeea9d7473d6a22d8e2f78cd737639a2c49f639ebf02a2fee4886bdbb12
- SHA512
  
  0bda1500e279c23127ac0381205e58f7d0cfdfa2131d11556a6b7ddcb2a7759c73252a361fad9469e80713fa9c1c051a93bfb3c7333f7fd21d7defcefc232493
Score

1^/10
behavioral5 behavioral6
- Target
  
  publish/tidbit.dat
- Size
  
  481KB
- MD5
  
  d89521adaf6418e6ebe43b1a1a9d2af9
- SHA1
  
  38cac8495ef43e51cdac1cb5e85d10137b365bee
- SHA256
  
  1965dc57456d4fc01b6ce0f242d80776fe08a16354e6177255cba618348355ac
- SHA512
  
  703db1e11372070dbbabc8a96c8600f079273e4dfad4e5437a5fd4b046187cf9f24b47ad68fadaf3bcf7fb1dcad8ecf98edd299281938eb144c4c6c29d68461f
- SSDEEP
  
  12288:Y2X+B4HKFVxT5jXAcOf35HI9H5RGqdIhr54f:L5EVl5DC4HDbd
Score

10^/10

qakbot banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8