qakbot | 814299de88cde77b7f06476f2abf8f6719d3b8d2184796114c56a6ee08833e61

General

Target

PE#3962.iso
Size

444KB
Sample

221006-wdz6rsaah4
MD5

4cf60391efc89945d85ba83c93547d5d
SHA1

adf5411f4bd777f2a2fc7819c63f53f1f22e495e
SHA256

814299de88cde77b7f06476f2abf8f6719d3b8d2184796114c56a6ee08833e61
SHA512

446b426576c4582b4af169e0c7e341313a53e3baa5aec3ccbc4c56f1162d4af1130f3e65e87db000ef46c1166636eb3a1ae62f7a44fbc20bd451e2efbce741aa
SSDEEP

6144:3wWNVNYHWRZMZeiVt5p682MkWgylrBeKd5bYBWzjCvIuwDJnpCKHbrxOG53KPNs:3l5eWt82Mk6lroKsLguiHOPNs

Score

10^/10

Malware Config

Extracted

Family

qakbot

C2

254.220.133.175:61488

6.214.34.86:37718

129.63.87.139:47957

199.143.187.202:62342

233.203.75.113:40362

82.124.234.247:34892

77.88.220.108:65380

25.178.53.162:20183

234.205.153.76:63077

238.101.201.44:62063

244.41.89.118:54277

231.192.232.240:5182

13.173.166.131:1980

145.12.85.164:5864

13.198.107.186:24529

120.215.195.171:65347

193.162.253.134:2162

122.85.3.31:40483

50.116.208.51:18656

210.30.166.49:58465

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  3586/6190.cmd
- Size
  
  187B
- MD5
  
  5f1a86f574068771662310dd27e4dda8
- SHA1
  
  f94bcb88b0ea66b537b509de72340c1288cbe12b
- SHA256
  
  7d5bdd81da74a8908216ef80642588eec11009c06decfa86aa9ef321aa1ca854
- SHA512
  
  931392aa68db4ea9c9d58c32b5cfd087dc93f2e7a179b8f8ba05bea6ab028ec1afe09af8a9e10f0d65be9df9cdf54814d18a2d6d173057e12baa79b25e2e9538
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  3586/extinct.dat
- Size
  
  384KB
- MD5
  
  1fa2068f08d1c55f06d6c33cb846f9ad
- SHA1
  
  e305efe7987be1a91cdf39daa6bd1b19bc8c694c
- SHA256
  
  fd18b58235e50379b775cc3cbabdc8df599e71f787b2d286281999c24ecc18f8
- SHA512
  
  c2a2b84e2549be4078397650470f40d7f1b3c7385eab182e91ee2af09aea429c307b778d16e7b5673a10946485ef1db790d21878a4f752ed59e3061687898764
- SSDEEP
  
  6144:OwWNVNYHWRZMZeiVt5p682MkWgylrBeKd5bYBWzjCvIuwDJnpCKHbrxOG53KPNs:Ol5eWt82Mk6lroKsLguiHOPNs
Score

10^/10

qakbot banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  Item.lnk
- Size
  
  1KB
- MD5
  
  6df9e10b2ac6d9b385831136e430c105
- SHA1
  
  58a55af9d17085e6e24284a152f9028d87d30c52
- SHA256
  
  0cd04a843d670bf2c379476af2a0c3957962acc924800990e34780bcd3945566
- SHA512
  
  2ef9dd3d4708f184535db0314dc0c529c400482ed3e37b0861fe8de470b24e5e8f7789b003646584aa4e54e59315b1d1ea8d886cef4b15eaae6407555b4fd1d9
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1

T1018

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6