qakbot | cd35b4fffe82c7e263a990b8aaaaadfdbcc804241661fdfb05fafb9013f5ac9a

General

Target

Contract#1837.iso
Size

1.2MB
Sample

221004-l99pzaahap
MD5

3e0a01a878de87cad484a53d07842a0d
SHA1

f6bf44388f776103d1f9380e79017dc069e73ef5
SHA256

cd35b4fffe82c7e263a990b8aaaaadfdbcc804241661fdfb05fafb9013f5ac9a
SHA512

e262cf8e71dd569dc3f09d51ed4ef3cdf9cead0e4f501260c1c68f6e4008fedfc33eb9196dbedeaacfa8d3a108387ef6a27a844d0298c11f8fd4ebbe963b4f79
SSDEEP

24576:IwFOHrwcwjHmvwiK7Jb0y/cT5SLQuj/PT1HsuPr+hdIO3kVNdHH:IwFOHrwcwjHmvwiKb1/cT5St/Ppihdz+

Score

10^/10

Malware Config

Extracted

Family

qakbot

C2

162.224.55.111:30915

17.105.54.14:63284

149.253.253.235:19955

148.219.182.10:5489

56.214.171.2:7637

171.182.161.115:60821

175.2.110.61:49611

99.130.91.79:29604

136.197.36.254:0

99.221.33.122:35602

29.202.180.222:51620

23.94.40.182:4331

34.19.16.166:1288

241.163.135.223:50051

32.107.156.85:19172

228.49.142.11:64889

196.202.140.31:7400

110.114.87.194:23019

217.188.119.28:9613

29.44.169.79:27952

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Contract.lnk
- Size
  
  1KB
- MD5
  
  6d13550f1670c64941118b357bb44492
- SHA1
  
  208520beb83c7e7fe6ce1b3d0e7409842f787e48
- SHA256
  
  f2fe2cc85229da328b8eb76479e22f26ecee07b7949952a3afe8764a3c975107
- SHA512
  
  680011e5c7c15e7526eeaf7902b26a9eb8dbac2174d359b8f4f3dd33253ad5aa2c22214f88f227ef94f99b7c47493b9b963830cd8a0202eac2636aeaa9d8bf1c
Score

3^/10
behavioral1 behavioral2
- Target
  
  publish/popperSumatra.vbs
- Size
  
  223B
- MD5
  
  15100bb30ab62ee4f1bd10d037bc8993
- SHA1
  
  2ed53c6db74192a54e7c1697dae370873386af99
- SHA256
  
  eba01229a86c02f77bf78ac929d30b5afc536c42220b745a1602dc7a090d06fd
- SHA512
  
  7fc5f02ad147ffcf40392137afbd22a7f05bf6d1cab82926488baa5fbeff8b46924ad2a218ef3fc91bc23be3a181a8e7c1f0aea150237fc8a0db19d9a5d8e562
Score

3^/10
behavioral3 behavioral4
- Target
  
  publish/respiring.dat
- Size
  
  537KB
- MD5
  
  c519f8bd60844e7ea776e67a4b724e53
- SHA1
  
  c699b16ce036b50997a52114280a080d16bf5599
- SHA256
  
  e91f4205e8fa14ac9acd4b6cf9a54e2fa8b3901e619e18b3fa22188ef1ddeaff
- SHA512
  
  f28385fd7284a7395565150990ed068c143011cccc7944f0097531503a8bc62c6386299f92bd8093ed384eaec5ce327e8c75534073bf03c8f78f5bfc40dd5ca9
- SSDEEP
  
  12288:P9hOiDHnsfkmEsrq1ZBr0fvpdgJvLrG3q8/UxPVN:lPT1HsuPr+hdIO3kVN
Score

10^/10

qakbot banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  publish/underdoVindictability.cmd
- Size
  
  63B
- MD5
  
  4049f12adfd6161799243f2650e8c586
- SHA1
  
  4e1c5f53744e3b45f974a6b2680c505a6ec6bfad
- SHA256
  
  722cc37b2f70de5b1e0dc8e4881635bf5eb16b813cb13acc781fd8e1a41ffe37
- SHA512
  
  b64149b7a33f424c6efdd3cc9f73566f7b122da3a40de87a931e137aecfc8b7757b8ad2515d77fa3e787b1476fe9ed4e9b3830e77c36feb8c5aebf3d30030f9a
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8