qakbot | df6cdca3ff0ca28a08ca8d6f02de007098968f26885a20d6d6937945655a3079

Sharing

Copy URL

Twitter E-mail

General

Target

SS8527.iso
Size

880KB
Sample

221104-c6yzmacdbl
MD5

71aeca847e10c34caa0e8ad00f85d9f3
SHA1

0791b2b793168278bec8ea66ca9112b8e998ca88
SHA256

df6cdca3ff0ca28a08ca8d6f02de007098968f26885a20d6d6937945655a3079
SHA512

15d7e711a4e882c881ec6a3647add209148f618397dcc81548774b1261059e21b1014f4fb4713806ce422f9dc0ff794c7cf517f095500658184c5b1e3085e876
SSDEEP

24576:K0SfHDiTF6jT5GKg3J8M1Yum7p8NCuPvU6P:K08HeUWx1I7sCuPHP

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.20

Botnet

BB05

Campaign

1667470599

181.118.183.103:443

92.239.81.124:443

174.58.146.57:443

73.223.248.31:443

86.129.13.178:2222

47.34.30.133:443

89.216.114.179:443

41.44.11.227:995

66.180.227.170:2222

46.229.194.17:443

190.74.248.136:443

88.122.208.197:32100

78.161.38.242:443

89.115.196.99:443

174.0.224.214:443

175.205.2.54:443

136.232.184.134:995

213.194.234.75:995

105.154.112.77:443

174.104.184.149:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  SS.lnk
- Size
  
  1KB
- MD5
  
  87c124061605cbeea361c02ecac2d506
- SHA1
  
  37ec65c38d56c1ece3693de0d2eb20fcfa2188f6
- SHA256
  
  bb3e124b1b0939f15a11f4dfdb97d2de5085188ffb34d94df00369a43c9aaf4a
- SHA512
  
  e6ab070b39760265e1f002e0c6f30abfffdd0d3f862db3f0fe6db1745255ea13f27bbab9e3f17f931f942dc3c5fcbbb9aff1ff13aa139fde79def757e59850b7
Score

3^/10
behavioral1 behavioral2
- Target
  
  pressurization/anthropological.bat
- Size
  
  254B
- MD5
  
  281dbfd1bd606ba8f17e14532c0e5a9d
- SHA1
  
  0d91fc2b3ec590abfbb6d052ffabde27d159079b
- SHA256
  
  fd307f65bd98b6d9590112c81f0f44d60eba531a9812c5b30d8031cbdfcf3e90
- SHA512
  
  4bbbe0255990231c48f7f7eacdc607fe1fc7940144befe590793d590816b1af9982dc84969abe6fac6c36204807739ad46799d2f49a813f36718b72001aaf71c
Score

1^/10
behavioral3 behavioral4
- Target
  
  pressurization/finishers.cmd
- Size
  
  279B
- MD5
  
  1a847dc66ed35c31cc42a9baadebe3bd
- SHA1
  
  1435a2fffa41723635ae1ab5adab31f968a60f4b
- SHA256
  
  f018ce58f7cc11822adcde19d27e427d86c0e7bb40375e6543a76dd015d2494a
- SHA512
  
  328802e9eee918eef30e1d2d5ad36df4ddaecb56db3cf02c7e814d34c6578d83665cd3e94d479b8106e135c8319129c418ae236b371a1fd3b9ece8935a4d61ea
Score

1^/10
behavioral5 behavioral6
- Target
  
  pressurization/principles.dat
- Size
  
  755KB
- MD5
  
  f3705a618b026f6256b02d5baf7c94d6
- SHA1
  
  649ebfded896d99021abb9e337d4796dab96ec77
- SHA256
  
  e9bead69554dfea5c711bcbf29c2a64df0cd2887cb359f10eb533bb094186a7b
- SHA512
  
  6e384ff14383452d6a86cc8f0974aeeaa26d14ebc8436569ba68ba46dd573cb4fee91b41162fb6a07c85eb6a34240e19fc3c3225adf8dca13e2e084af914128b
- SSDEEP
  
  12288:FN53TigGAAaYOjrtguXsmPKtbKgvAAfRcJtjm/1kGYuqd7pJeG5mCuq6vU6Pm:FHDiTF6jT5GKg3J8M1Yum7p8NCuPvU6e
Score

10^/10

qakbot bb05 1667470599 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8