qakbot | aea251eaf7c0eeabf55ebfd1c468a5bac6070f5b3c3e19cedbaa851008fcf965

General

Target

DV_9513.img
Size

480KB
Sample

221031-xv2lladack
MD5

c8cce25f33ede8e3c44fdc64a4285d0c
SHA1

38d6f0632b66d4f83671e39931c7f485b91c7ede
SHA256

aea251eaf7c0eeabf55ebfd1c468a5bac6070f5b3c3e19cedbaa851008fcf965
SHA512

8141e7e646bdb871123508d9bb8127e3ed53942eead655194f7ca1491ac0eb6ea346098d3457008294f4941f26b8f6e2dcecdf3dcdff295e5aa265464395dcf7
SSDEEP

6144:nkbHJhzU/Gr+acU2gqnEIzGOEBPepzn6WX1LB5QpK1K0we5itwWUT1AO7V:2heLacnx5dFBOpawe5iFS1V

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.14

Botnet

BB05

Campaign

1667208499

C2

174.77.209.5:443

187.0.1.74:23795

24.206.27.39:443

1.156.220.169:30723

156.216.39.119:995

58.186.75.42:443

1.156.197.160:30467

187.1.1.190:4844

186.18.210.16:443

1.181.56.171:771

90.165.109.4:2222

187.0.1.186:39742

87.57.13.215:443

187.0.1.207:52344

227.26.3.227:1

98.207.190.55:443

187.0.1.197:7017

188.49.56.189:443

102.156.160.115:443

187.0.1.24:17751

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  DV_9513.img
- Size
  
  480KB
- MD5
  
  c8cce25f33ede8e3c44fdc64a4285d0c
- SHA1
  
  38d6f0632b66d4f83671e39931c7f485b91c7ede
- SHA256
  
  aea251eaf7c0eeabf55ebfd1c468a5bac6070f5b3c3e19cedbaa851008fcf965
- SHA512
  
  8141e7e646bdb871123508d9bb8127e3ed53942eead655194f7ca1491ac0eb6ea346098d3457008294f4941f26b8f6e2dcecdf3dcdff295e5aa265464395dcf7
- SSDEEP
  
  6144:nkbHJhzU/Gr+acU2gqnEIzGOEBPepzn6WX1LB5QpK1K0we5itwWUT1AO7V:2heLacnx5dFBOpawe5iFS1V
Score

3^/10
behavioral1
- Target
  
  DV.lnk
- Size
  
  1KB
- MD5
  
  cfc2c6be0247c15708ee077d293956c4
- SHA1
  
  6b2c2bc858149a1af62ae414d4fbebb9d4ecb966
- SHA256
  
  5ff465cd23c117c77714927839880e588a27cd933222d9e26f39507d09e53dbf
- SHA512
  
  aeb4bae560b31d514cdffc0f9b52c1e58e9de0bfce51fd431431ddb2e4347047f3bba578a10dba5f7a3c6483a90af3f0b74dc13a2dd1bda07c422e8915e8708a
Score

10^/10

qakbot bb05 1667208499 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
behavioral2
- Target
  
  selectable/embalmer.cmd
- Size
  
  551B
- MD5
  
  4e79e57adca19e2e210825115379e022
- SHA1
  
  321b861ad0a6356a207848e8a00a5e39bf6c1931
- SHA256
  
  4868f8110b0de4a25b3a05d85fbf8e0cc79c10d1a3e85685458305c23abfa654
- SHA512
  
  f9e2d512fe93d2055293f4d542c5888645682705c5f870f9a4f407a810a659a28d733e180e3d4b8f705ea22ae2b68b514dae495b547341063073e6445796be02
Score

1^/10
behavioral3
- Target
  
  selectable/pulsars.dat
- Size
  
  421KB
- MD5
  
  10fb7039d24f8593a7de808f8204ead1
- SHA1
  
  12db0d02ef56ac4b879f1f93701802428c670934
- SHA256
  
  14a953b85f253f28776ef4a5e4f5a7e6932b419f0d671ef1e9ffe94fb038b1cc
- SHA512
  
  1cd7d0050bcf6cc321a2ebfe17d721504d5872275d52f1ef8c422dc28557210c6c99758eb92485c3d007d716bb413ad1f6439eb90c04d82dd814f97f045de732
- SSDEEP
  
  6144:MkbHJhzU/Gr+acU2gqnEIzGOEBPepzn6WX1LB5QpK1K0we5itwWUT1AO7V:dheLacnx5dFBOpawe5iFS1V
Score

10^/10

qakbot bb05 1667208499 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4