qakbot | d2b4f004d88fa1aa8e075ceeb4dc785fcbfb16d5297c7a2e5d36d653fe77d853

Resubmissions

20-03-2024 20:50

240320-zmt8naag35 10

13-10-2022 11:50

221013-nzp9pache4 10

01-10-2022 01:58

221001-cd4peagcfn 10

Sharing

Copy URL

Twitter E-mail

General

Target

Learn#4680.iso
Size

686KB
Sample

221013-nzp9pache4
MD5

552c3ee513509efb205ffaa2ee57b5e0
SHA1

6bb645dd2b07e9df32426f256cd56250d6b1b98e
SHA256

d2b4f004d88fa1aa8e075ceeb4dc785fcbfb16d5297c7a2e5d36d653fe77d853
SHA512

5de31ceb9a790a24f96307474d918873a3c3d0b13136371dd8b803a8d16c294b2dc6b59865d080a635694ec65e1baadb631e70d1d6c338e57a76c69bd7e6c249
SSDEEP

12288:Mzxl3goMdrbdJ6wQ8faVO099oBZfZvgWr6:M6Tdf6aAHeZfZv

Score

10^/10

qakbot bb 1664535088 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.902

Botnet

Campaign

1664535088

41.107.71.201:443

105.101.230.16:443

105.108.239.60:443

196.64.227.5:8443

41.249.158.221:995

134.35.14.5:443

113.170.117.251:443

187.193.219.248:443

122.166.244.116:443

154.237.129.123:995

41.98.229.81:443

186.48.199.243:995

102.156.3.13:443

41.97.190.189:443

197.207.191.164:443

105.184.14.132:995

196.207.146.151:443

105.158.113.15:443

196.89.42.89:995

86.98.156.229:993

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  LearnS.lnk
- Size
  
  1KB
- MD5
  
  940349f802740d4f3be6d156f83b9bb4
- SHA1
  
  48c5333b1dd31dbe910dbd15b1db0ad0ea0936ae
- SHA256
  
  f910eea03fb6649f038e58932c5636ca80a7fba678a16f0793dbae7e407680b9
- SHA512
  
  aca2cbd5f4fc21a47cf31696e4093458a82401a3ec3cc82fa901de29cef1292765c68eeff099243e83ff249ce97c6eed067b956d9d4c8b4b16d5425cf5108a51
Score

3^/10
behavioral1 behavioral2
- Target
  
  assaulting/baronessSubsided.js
- Size
  
  236B
- MD5
  
  773ef81ef7aeb4e37a6c0a58b212a24e
- SHA1
  
  106508be9c6961046c79400f32bfc66f3e9145f4
- SHA256
  
  8daad84fa544d5a57402c76d492b7d2eb0e4299e7337ef6d0c9b07024b4e9e0c
- SHA512
  
  eecd321e0baaa02718df0c748352813c4230f6805c95c5f67216a3de5e8032463e68fdb1dd8d5d9098535181c8619ca44246a0ed9bdba31e6c237e6c74182cb7
Score

3^/10
behavioral3 behavioral4
- Target
  
  assaulting/milt.dat
- Size
  
  448KB
- MD5
  
  24c89f5383c6dca654f27383b1ec00a3
- SHA1
  
  7766a0a045e56fe16fb5b9e0c5d7c1d047eb36c6
- SHA256
  
  bb2540e27de2b8d3d154fee3efa8e2cbefdf25e5a1d76b4cedf49ac3917a1471
- SHA512
  
  58bffa71d6be31e136c220828ba0565a7e9231e363804beefc66f47653cf80af94bcc5c221444e6f7f1707dbe915279d67c77592ccedc2d5f09b29bc62f39eb3
- SSDEEP
  
  6144:NWlZhgoMdtBYTNSlWBsAOvbd62IYQ8jjHH62uzdMzD9699o9:cl3goMdrbdJ6wQ8faVO099o
Score

10^/10

qakbot bb 1664535088 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  assaulting/testifiersEquivalently.cmd
- Size
  
  104B
- MD5
  
  8006296cc4bf5b5e5f9e3aa63b2f164e
- SHA1
  
  a2c7125717b8325ba5dcd2418a1bcd850eae7a13
- SHA256
  
  21b14d6ccbee2cd651c765ed86cb35a69a77643cd30d6f1abcae2e7d2f3ae59c
- SHA512
  
  48f768d85d8609110a0691d4364b8036ce7e54862d0289801dc86ec0e0c36adc1892d9ece7a7f242742107ee56c9249bdd5a1c3f337173c6b95a8e4e8ff0a875
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8