qakbot | 84c7fe446f0e7a1edaa6514544e98f23b520ed9e87acaa17626b4326dafc33d2

General

Target

Contract#5073.iso
Size

1.1MB
Sample

221004-rt744abbg3
MD5

41447369fef4b49f5f02322d9c4250ea
SHA1

0f62c6b701783c684f568403db1cefee201a7983
SHA256

84c7fe446f0e7a1edaa6514544e98f23b520ed9e87acaa17626b4326dafc33d2
SHA512

bcf212fa88c0cdadf622c4630a9edf3f07cc1fb54e8e55166521d89f961e81a734e9b00b3de2d5c80dd598a9b7adf1d788764b41f340c3a1dde21fb485ed01a2
SSDEEP

24576:owFOHrwcwjHmvwiK7Jb0y/cT5SLn5EVl5DC4HDbdVujOHH:owFOHrwcwjHmvwiKb1/cT5SdEVjVbdM+

Score

10^/10

Malware Config

Extracted

Family

qakbot

C2

99.221.33.122:35602

29.202.180.222:51620

23.94.40.182:4331

34.19.16.166:1288

241.163.135.223:50051

32.107.156.85:19172

228.49.142.11:64889

196.202.140.31:7400

110.114.87.194:23019

217.188.119.28:9613

29.44.169.79:27952

169.83.63.109:46511

47.65.80.200:49855

50.140.194.100:14738

152.64.159.219:41214

12.255.117.222:36282

199.246.11.177:40851

81.180.116.241:1057

87.3.215.226:21496

247.44.83.206:32161

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Contract.lnk
- Size
  
  1KB
- MD5
  
  cb8820507a4a91ae8fddb669e30cac19
- SHA1
  
  ffd682f6dbd390223ea1fdecda4194af18140645
- SHA256
  
  b51482851815e562445c8c3c38137a5895f1410d1e0e81c78e8c80cfef09ea68
- SHA512
  
  0eb61ba675c9b7ef3bebdaa438b3c768fc1aec021441feac6491cdc47f8d75e0a622fd65b7b20a312c475dd19ba0562668114bbab6badcec5b4cd987e30f6654
Score

3^/10
behavioral1 behavioral2
- Target
  
  publish/assailantsRubble.vbs
- Size
  
  189B
- MD5
  
  272f82d211ba66ffb6a82aa1143323f7
- SHA1
  
  248e60a8405f409c5b67cb0a5e71312a45b67c40
- SHA256
  
  ec500122dcc3754dc4198ef477959c4eb2b63eebb6830b1bb5c8cc49de69adf1
- SHA512
  
  bf8c3c6d0cecb473b40d796e7909cec452fbcb200aa9993b883c58b6f794bee4a2b79e2eba8fa9844adad8481103798334cd25362000edd2750b53edf82b1ccd
Score

3^/10
behavioral3 behavioral4
- Target
  
  publish/outweigh.dat
- Size
  
  481KB
- MD5
  
  d89521adaf6418e6ebe43b1a1a9d2af9
- SHA1
  
  38cac8495ef43e51cdac1cb5e85d10137b365bee
- SHA256
  
  1965dc57456d4fc01b6ce0f242d80776fe08a16354e6177255cba618348355ac
- SHA512
  
  703db1e11372070dbbabc8a96c8600f079273e4dfad4e5437a5fd4b046187cf9f24b47ad68fadaf3bcf7fb1dcad8ecf98edd299281938eb144c4c6c29d68461f
- SSDEEP
  
  12288:Y2X+B4HKFVxT5jXAcOf35HI9H5RGqdIhr54f:L5EVl5DC4HDbd
Score

10^/10

qakbot banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  publish/rebelsPeppy.cmd
- Size
  
  62B
- MD5
  
  94b46c1dc31e204275d9d8bb2ff2ab1f
- SHA1
  
  06308d4d38521e5946d0252fa23cd4a0423ac504
- SHA256
  
  279c7c1633cc7db269a21c3b119954d655ab55a24e3c2f50822ab4bcb43576da
- SHA512
  
  26c04d8b3d60bb7eeff44e231786e1d750e23bce1abdfa4a53bbf8be868ad295ab853720ced6e99c01f76003117ee6629e1185f6c109be5602f1ac099282ff19
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8