qakbot | 547dcb0f768a829221f79a6863e63c31f8f1199c94693ba5bacd75db31ac9212

General

Target

CB9407.iso
Size

938KB
Sample

221104-2v1frabge9
MD5

cd33d4dd2ac04b8b0cf07b170342c301
SHA1

feb8af914688510a875c7a8e468989fb50867fe6
SHA256

547dcb0f768a829221f79a6863e63c31f8f1199c94693ba5bacd75db31ac9212
SHA512

ca0ea77737cd2230cf0077c50e8a4b2f081fb0d3f6700a39209693f96a4f2d73a244f6324848e7ac39e33e47c7271dbdde9cc071dd05517539058cb10fa8b1c4
SSDEEP

24576:5h9FD5pgOkBzOxjxEdiOnvkajpkpOw6pKHshgSf:5hfgOxj0iOnHjpkpOw6pKHshgSf

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.20

Botnet

BB05

Campaign

1667543522

C2

190.199.161.250:993

92.25.139.40:443

157.231.42.190:995

186.73.140.43:443

70.66.199.12:443

216.82.134.218:443

174.77.209.5:443

139.216.164.122:443

91.169.12.198:32100

139.5.239.14:443

50.37.149.215:443

74.92.243.113:995

74.92.243.113:50000

49.175.72.56:443

24.142.218.202:443

136.232.184.134:995

181.118.183.103:443

174.101.111.4:443

47.34.30.133:443

41.44.11.227:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  CB.lnk
- Size
  
  1KB
- MD5
  
  30f1ffcf6df21a1ae6339795444dae23
- SHA1
  
  b73a127245efbb7ea569b3a1a7c9d7129368c423
- SHA256
  
  2b914aa7d158e2e8860bcc36a591ec18539e7214f8d1e8590efea4182f45afba
- SHA512
  
  3300e3d2d7fef7fce844a4feb453cdffdc5e658b4a7d0e4ff505adedc4b9d6a919aa3234ddd90e3481615e896de00f6a18aeb265cf20024b1d78b6cfa6d51bbf
Score

3^/10
behavioral1 behavioral2
- Target
  
  desynchronize/biosphere.bat
- Size
  
  209B
- MD5
  
  ccc3a8d61630dce753441e1b998df6c9
- SHA1
  
  f36cd6fa7abeb2b481989ffaef0cc6381b6bf1d1
- SHA256
  
  cd590f517dfde80ba80bf33309d76623076625f36d336cee1ca61e98288da493
- SHA512
  
  eecaca846a0604be60d2d2549fc0fa3a5e59a826d88e082f3f078a8150ed0fd6efa4e66041ee08100ef671526598c8abab8046d10d4d6b117c21530e163b89cb
Score

1^/10
behavioral3 behavioral4
- Target
  
  desynchronize/endless.dat
- Size
  
  705KB
- MD5
  
  fda936d9dca0affdf27a8935a772db0d
- SHA1
  
  9bc0506b700b5c999990c1dc70f6f21e079288cc
- SHA256
  
  47280de12ab09d78f963d76beddc0de546bf24ecc94b1f033c9d24b91b0344ac
- SHA512
  
  a893aa491d2f0edce0a1a58be7d73814d6301c5dee57c90cd6a8a9d31f58122b0ece58d8d651b12c48493a1ec88adfe921373b7e8d9b6c87d01bc39b3024e521
- SSDEEP
  
  12288:m1hFLlWXKDqUkyQ8r12OkBlqMv2rnxjxRuWRuiOCqvkajw:Kh9FD5pgOkBzOxjxEdiOnvkajw
Score

10^/10

qakbot bb05 1667543522 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  desynchronize/figuration.cmd
- Size
  
  269B
- MD5
  
  b11ae7bc8ddd0b3caa4008601dc22f12
- SHA1
  
  572cb042a88e12b2661d2e0b3f7a224aa6e16b96
- SHA256
  
  d6a0430807679ef0df9b07cb3e1d9ec5ed28dc260f55ef00db4e47e1c5e3d1c8
- SHA512
  
  be8e3fb6336a80a61711135cea23daadca090e62b91933688a4b0a6d5cdf7e8c5a7b80999f211f5273f8ae4a39f75a9beca23c964fee4688264f31b2ef01f820
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8