qakbot | 87e345cf62178d24cf0a91c136fa06468e5fafb88173f93c8ff3ad7f17b66cb7 | Triage

Sharing

General

Target

Data6702.iso
Size

492KB
Sample

221014-tp9hgadhap
MD5

32b2950e05ecb1e870bf6d4e70a313f5
SHA1

9578ccd218abb0030e90aa719f431dfa681bb742
SHA256

87e345cf62178d24cf0a91c136fa06468e5fafb88173f93c8ff3ad7f17b66cb7
SHA512

189678dc70357cb0e8978246a7e41b820b77b0a8fa72008b0b6dc5b4c140bc63c61cd13518b4d0e00252b49fb84a4fb7f289a99e67cc41000cfb6d5ebc1130a6
SSDEEP

6144:k02TkZiGBoGGhNExiSz8ZFZG2MEnD4vrWEBvljmcmUv9n2dDSH+:kPCiSoGWS4HMmQWEBvlaUqSH+

Score

10^/10

qakbot bb01 1665647855 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.973

Botnet

BB01

Campaign

1665647855

C2

19.168.189.106:26139

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  IData.lnk
- Size
  
  1KB
- MD5
  
  810e85cfb1b368c759fd238c2839ffd2
- SHA1
  
  131646633d26678c3ab0770d78b3b4aff4fcfd05
- SHA256
  
  fce11b06008f2bd94e12b2a6e67ae3754923684289d1c8565804faa96acf5d86
- SHA512
  
  a718fc569451f1294bbb901c69d4a294176cea0b2a6d155e049b26a09442f38436e13166fc60e93b25a379e0255f83bad63828e211591dbbed0cb015a0114b31
Score

3^/10
behavioral1 behavioral2
- Target
  
  obediences/bide.cmd
- Size
  
  420B
- MD5
  
  57ca313686a484c166c7444a286af29c
- SHA1
  
  7f17c854aa8dae032eed8ff83a426761f1e5ccf9
- SHA256
  
  59f6563750f9108680e6f850a444c61c5506a27fa44f6df41bfe237508a03084
- SHA512
  
  5700a797190e11b97d07aabf3e4a11139e45b2879ed56bd3de793224a32c6808de5982e7e434d4f1a0af5d6aefdf2435ebe5fcc43a6ee749de8af1e483526dad
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  obediences/salient.dat
- Size
  
  295KB
- MD5
  
  11c4d79864a389a5400a92fbc4b3e80a
- SHA1
  
  e299a44aa3dbebfe62410ff5fda226d1d3f74ef2
- SHA256
  
  57108d6e8e86f1a416f5ac44ccd49f2b58cbc9e3995fc35fec4a43fd700fa39e
- SHA512
  
  4862ac69e86ca1293886081546f9d3cec9f20dc495081fe6aaea418502ef223b673c588a46b0609b93180e8682f91a56e8f0435e2c6c8c61e229fc360939f639
- SSDEEP
  
  6144:YiSz8ZFZG2MEnD4vrWEBvljmcmUv9n2dDSH+:DS4HMmQWEBvlaUqSH+
Score

10^/10

qakbot bb01 1665647855 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

qakbotbb011665647855bankerstealertrojan

behavioral6

qakbotbb011665647855bankerstealertrojan