qakbot | 070003eb267e8c10b998416d8d5f08e8d2c2a2f2b518c592b80eebc3ea1e534b

General

Target

Overdue_2798.iso
Size

446KB
Sample

221008-pskw3aega9
MD5

3890d03ba8d4fad90efe7f7ecc6f4254
SHA1

f7d2e1b614176d9da4a5a98d7bb0e50dd6a7ea3f
SHA256

070003eb267e8c10b998416d8d5f08e8d2c2a2f2b518c592b80eebc3ea1e534b
SHA512

347f65d3566cc033831d56c3c56af6c1fce1e938ab13330960d79e5b1eac6a9ebd1dec7d5980e713ce6b7d03a06e4a91cf177133a547ad7fbc940dc29b76979a
SSDEEP

6144:mtgTFlqteWTBa5WsoUReNsyLK998WqniKS9jyA9yjHHXsBcfmL/p+LIORL6qYFYM:88z4TU5WsoURzN92tniPHlQEFYM

Score

10^/10

Malware Config

Extracted

Family

qakbot

C2

78.94.148.92:1753

134.180.185.240:32987

201.136.101.182:38323

124.77.95.5:46163

196.90.29.190:30693

187.144.110.117:36330

10.44.33.140:65267

162.117.200.91:29984

159.254.223.192:31154

11.239.81.233:37

31.248.76.23:24072

224.77.182.18:55579

124.230.27.11:44408

205.255.39.94:54675

192.1.213.104:14212

145.3.120.239:20068

242.199.30.106:9157

243.240.195.106:42825

74.234.32.185:42698

102.51.5.67:47820

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  6438/3772.cmd
- Size
  
  278B
- MD5
  
  a7b8d1bac0857fbcebe10a6b8387bb78
- SHA1
  
  af266047118b6eb3db740cc15186cb1b0225e298
- SHA256
  
  7f8d898ca912400adf3b0f1d8f13ba2d60be4fd4aed83dc004e4b2fb301e1142
- SHA512
  
  778ce3cf3018da8883c7abb853fcfa51cc525e31b28a029774228b117f2fb26b2f7e4ce428ad91162339969522f92f235fea5036ddcb90d5fefcb8bda3d25b76
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  6438/grassing.dat
- Size
  
  386KB
- MD5
  
  f6f4f1bbe873a35bdfffffc0c00b61af
- SHA1
  
  7d831da7bd7aa594b4efa0f07ea9ee0748fdb9cb
- SHA256
  
  9ef5f5a55db078bbcf60cb9750349ab35f3ef88e8c5574f23fb77a485d0ba603
- SHA512
  
  6803d2324c13625c50cd8564af9fc2947e277c2c2b9a5aa27d740eb05bde9847795c105f73f515b1f887b2b313287e0db10c19b2e444be87588a7fc04a500e58
- SSDEEP
  
  6144:XtgTFlqteWTBa5WsoUReNsyLK998WqniKS9jyA9yjHHXsBcfmL/p+LIORL6qYFYM:d8z4TU5WsoURzN92tniPHlQEFYM
Score

10^/10

qakbot banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  Overdue.lnk
- Size
  
  1KB
- MD5
  
  ffeafc4263358e435480fe4a4c6208b4
- SHA1
  
  8978785f158fdfaabf9ff572dd1e349429338c2e
- SHA256
  
  6d48f8cbd9ebfef71cd9a77c8bdcc6bf64330010b15fd3f3fa936d0a8f2abc79
- SHA512
  
  3b55f718e58bc2d9ea5034d3c495f7d9e3ca59e9498fd6c5a2784f95340d683eb34a069df46263c6e454d3cf3629137b7609aa295e48daef86b194dcd24884bb
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1

T1018

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6