qakbot | 8e07849e4df4a8ed7807f06ec7b1641b7d0c92803a439c1061ecc1d423402866

General

Target

7e3cd57a-c7aa-4333-a234-c46b3b1c3949.zip
Size

220KB
Sample

221006-vwcyhsaad7
MD5

e4e6db41cb4beee74b7fc122bc363816
SHA1

5eedad5589fe8c37aae6a5cdbbd9ceaf5d5628fb
SHA256

8e07849e4df4a8ed7807f06ec7b1641b7d0c92803a439c1061ecc1d423402866
SHA512

1ba9811a050c7cb990c4a1716e276bf646c0568f97543317dd260455acf74cd16b5c685c80c90ac52d716fa7ff711d969c90ee16dcb7d06aa4807fe4b735167a
SSDEEP

6144:UYHo5TNzgcWX/XSBiLPb/HyggxoF1Zzm6R8U:qzgcWX/AiXvcxwfm6R7

Score

10^/10

Malware Config

Extracted

Family

qakbot

C2

254.220.133.175:61488

6.214.34.86:37718

129.63.87.139:47957

199.143.187.202:62342

233.203.75.113:40362

82.124.234.247:34892

77.88.220.108:65380

25.178.53.162:20183

234.205.153.76:63077

238.101.201.44:62063

244.41.89.118:54277

231.192.232.240:5182

13.173.166.131:1980

145.12.85.164:5864

13.198.107.186:24529

120.215.195.171:65347

193.162.253.134:2162

122.85.3.31:40483

50.116.208.51:18656

210.30.166.49:58465

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  3586/1685.cmd
- Size
  
  187B
- MD5
  
  01a20d98bea6926033da4bbadcab0f73
- SHA1
  
  03f55f52b47ed2a0e89538a893de634c514dfb8e
- SHA256
  
  872cdd28f23b66a64b482e9d9df25b4369ba614cc98926b47efe934715b3fb9b
- SHA512
  
  5bdfc2c4dce13f278fa6449db87a1f6103c92201aeabe735e372d45acb82e8a90364883a8eadd238725fc6acc888a887e590bac72e276c0f65f60b497dc52432
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  3586/unzips.dat
- Size
  
  384KB
- MD5
  
  1fa2068f08d1c55f06d6c33cb846f9ad
- SHA1
  
  e305efe7987be1a91cdf39daa6bd1b19bc8c694c
- SHA256
  
  fd18b58235e50379b775cc3cbabdc8df599e71f787b2d286281999c24ecc18f8
- SHA512
  
  c2a2b84e2549be4078397650470f40d7f1b3c7385eab182e91ee2af09aea429c307b778d16e7b5673a10946485ef1db790d21878a4f752ed59e3061687898764
- SSDEEP
  
  6144:OwWNVNYHWRZMZeiVt5p682MkWgylrBeKd5bYBWzjCvIuwDJnpCKHbrxOG53KPNs:Ol5eWt82Mk6lroKsLguiHOPNs
Score

10^/10

qakbot banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  Item.lnk
- Size
  
  1KB
- MD5
  
  f6f88a0957b587e595574ca8cfd9a10a
- SHA1
  
  9368058283eb380a9f40113285816c4331f6faa7
- SHA256
  
  7684f73c8a28ba24eb8f942ee918b703a40dfce694356b01a2f1fb023075aea4
- SHA512
  
  2d1057a53f3f0293ec4719e4e2c4e0346a317aafd89e33f7b4e27969f988ce630a5a3ec206ae910b542c1ccf50a0f7024c80827940787decf60365aa986d584f
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1

T1018

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6