qakbot | 202d5e0b08a0ad5d5e6833d1f45ec8c403d67e85b5509dbf0763c262a1572522

General

Target

Details8322.iso
Size

1.2MB
Sample

221027-svmefsceh2
MD5

d21ad088acf5c655db5601dfd0bfcfe4
SHA1

138254257232b3400fe72898b1358d787a9f97f3
SHA256

202d5e0b08a0ad5d5e6833d1f45ec8c403d67e85b5509dbf0763c262a1572522
SHA512

6a97b8588c76474071288974a5c787770bc500499cee82c6da03da2aaed2f4410b99eff76aeac7e4f7867c0b065befc2f986e39fdbf5edad7cdf7d5b669e922b
SSDEEP

24576:ievu6S6gRw2ZwigHHHHbwbwMwKwqwJwR6IIo6y8bRZAuM6dMCSHc:nvu6S6gRw2ZwigHHHHbwbwMwKwqwJwRu

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.1051

Botnet

BB04

Campaign

1666776497

C2

197.204.53.242:443

83.244.63.21:443

27.110.134.202:995

173.49.74.62:443

181.164.194.228:443

24.116.45.121:443

41.47.249.185:443

24.206.27.39:443

113.183.223.8:443

186.188.80.134:443

64.207.237.118:443

156.216.134.70:995

58.247.115.126:995

180.151.116.67:443

41.140.63.187:443

144.202.15.58:443

190.199.97.108:993

172.117.139.142:995

45.230.169.132:995

24.9.220.167:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Details.lnk
- Size
  
  1KB
- MD5
  
  fc5bc2bb92c5fb2153944fcb5d255fd3
- SHA1
  
  c92802d6480ec15fadb8f82460d60f7684f823f1
- SHA256
  
  1ce88481bc2e46aadf6c14d6b94d1394421b47e49fc34f867e08c2b73524763d
- SHA512
  
  aa57a75444b620d923f1a6852fad7d6522c082038feec15559bee099909a1747c6b179639f0796bb7759a36a6e8990020ef32ae2504c8e87cd0e45beb9915973
Score

10^/10

qakbot bb04 1666776497 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
behavioral1
- Target
  
  alphabetical/minds.cmd
- Size
  
  336B
- MD5
  
  06736c0d660316000d7be740e8e4f697
- SHA1
  
  b5d9ebb8c45e073cab006f763bdcd6fb8e7c10ab
- SHA256
  
  a9429c7dcf577e0974eb8ab8653cd6044eb7938d8d5e2b87a39584ac31b2025d
- SHA512
  
  de4ee253b9a822d739ef69989f77fc366ff5932bab584b069af1a1855c2128c49785ad6fd82a118b8d39ca47a06e0a09ae9a8b8bafb6c81b68ad02d30e3666d8
Score

1^/10
behavioral2
- Target
  
  alphabetical/unperched.dat
- Size
  
  627KB
- MD5
  
  cba1ea7fd2999c09a57ab80ec61a366c
- SHA1
  
  ed15bd41dec1f7628be89adff8995242d5281e69
- SHA256
  
  d0232586a1421eb851d5817a55fd1afa68a0392cc94689b5af3ae093f18ef823
- SHA512
  
  12251a0cb3f93a098a12cb3f78a439c98d67465f68c5151f18c2692ba5331deb34e74723b201f8b7e85dcb2027db55ec6681890baeb70cb142979a9ef652b65c
- SSDEEP
  
  12288:cx8IFmbH8yS5XXUrIVcxxUnMnwldJOCP6HcD5q:x6y8bRZAuM6dMCSHc4
Score

10^/10

qakbot bb04 1666776497 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3