qakbot | c1efca753dedafb2fa206085cc45583e9af9e233a3248e958a5e1ece7982837f

General

Target

Overdue_1833.iso
Size

446KB
Sample

221006-tkmg5shha7
MD5

ee274056a1eba6da6e98d934988a8e25
SHA1

89631607e492e68ccc3b227e9dfe1b70e7fff994
SHA256

c1efca753dedafb2fa206085cc45583e9af9e233a3248e958a5e1ece7982837f
SHA512

364e170de7d186285e1c18e99860cc94788a5a7b81a27aec68392a2656839b701fcc6929b4a655c0c578cc3e89869d39f4d9671d5bd2b28e7f00074970372870
SSDEEP

6144:0tgTFlqteWTBa5WsoUReNsyLK9+8WqniKS9jyA9yjHHXsBcfmL/p+LIORL6qYFYM:y8z4TU5WsoURzN9ftniPHlQEFYM

Score

10^/10

Malware Config

Extracted

Family

qakbot

C2

78.94.148.92:1753

134.180.185.240:32987

201.136.101.182:38323

124.77.95.5:46163

196.90.29.190:30693

187.144.110.117:36330

10.44.33.140:65267

162.117.200.91:29984

159.254.223.192:31154

11.239.81.233:37

31.248.76.23:24072

224.77.182.18:55579

124.230.27.11:44408

205.255.39.94:54675

192.1.213.104:14212

145.3.120.239:20068

242.199.30.106:9157

243.240.195.106:42825

74.234.32.185:42698

102.51.5.67:47820

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  6438/1722.cmd
- Size
  
  259B
- MD5
  
  3c3c6861a7b06edf3d7ab40e6a239eb7
- SHA1
  
  f9b416533bcabd4096ab3cd1b138194b0d7bb47f
- SHA256
  
  4ce57b83a2c32680ec5c45efc486e38e6985cdcea78593882ce041940014dbfa
- SHA512
  
  9830d3370d412d714e395c02b56dd887d162611be83f8aa75db84ee480b5b09d634db24d71a165bdcd346fe7481cf5249dd17ea8ab1c9aa50689f49709616923
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  6438/fearfully.dat
- Size
  
  386KB
- MD5
  
  b5cd890b8ba5f31c3f7e457f40f5d728
- SHA1
  
  18c143ba12246321416b77e67afac04825fca12f
- SHA256
  
  051eda78705b38dc1577ef8ea4e972990d32ca7b39b4981127b2e4221d110f2a
- SHA512
  
  47774e8bd59ccce5e9a1e4e52d0b19b0561ac06a800e06f1d0e8121d06de6cf74496a188ec8737b18456d57cbe1ac9f2571c63085754dccbe93cb23d56a4fe79
- SSDEEP
  
  6144:XtgTFlqteWTBa5WsoUReNsyLK9+8WqniKS9jyA9yjHHXsBcfmL/p+LIORL6qYFYM:d8z4TU5WsoURzN9ftniPHlQEFYM
Score

10^/10

qakbot banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  Overdue.lnk
- Size
  
  1KB
- MD5
  
  dfa86146631771fbd7e584549c66d129
- SHA1
  
  854a8b619e52a7f54d86a1f21a58b0bbbea420da
- SHA256
  
  5f0e2ea9dd2937edc742420b739775bae7d89bac5f208eefbea44200ce2698ca
- SHA512
  
  aaa6e434cb8cafbb4c397745bf164fa0201922e582bb1c281165c4a210f96d470c5837ba9cef815ae06081a5038699abe59e70cf3fbd9fb7ce8549329f526530
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1

T1018

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6