qakbot | a06c213833ae57fff7d9c67495e6430f6a9f89f5950b2806da8df0753a0e20e4

General

Target

SS7470.iso
Size

880KB
Sample

221104-ge3kyseaak
MD5

40ecb42ffdad08150d1c7ae9ef5fcd09
SHA1

4efd21a5d51792cb761bf9150facb667961c01f3
SHA256

a06c213833ae57fff7d9c67495e6430f6a9f89f5950b2806da8df0753a0e20e4
SHA512

91af155a8f3f57d86b40fef48a215c39dbd0d775644f90359efbddc2bc355482d77725bff0e0c5c5905e2e6defa8d39c18d22674ba28266ee5734c86e113f591
SSDEEP

24576:x0TAHDiTF6jT5GKg3J8MwYum7p8NCuPvU6P:x00HeUWxwI7sCuPHP

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.20

Botnet

BB05

Campaign

1667470599

C2

181.118.183.103:443

92.239.81.124:443

174.58.146.57:443

73.223.248.31:443

86.129.13.178:2222

47.34.30.133:443

89.216.114.179:443

41.44.11.227:995

66.180.227.170:2222

46.229.194.17:443

190.74.248.136:443

88.122.208.197:32100

78.161.38.242:443

89.115.196.99:443

174.0.224.214:443

175.205.2.54:443

136.232.184.134:995

213.194.234.75:995

105.154.112.77:443

174.104.184.149:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  SS.lnk
- Size
  
  1KB
- MD5
  
  5b1c4e4935fd5b0778f314fb37d36ea0
- SHA1
  
  0a7c2c474d8c178a4188ae185ae3ad611bef792a
- SHA256
  
  7fdc7b226e9e304b955c4707e7adfe053997494e62eff72802b87dace00f50bc
- SHA512
  
  aa5c0ec8007eb75b10c001c5d63ddbe356ddab69c2135dd1a2a42541a0afbdb88af5a0ddfe18fe9591d5dbede663abc52608c60c523768d8de8ec540cb75fb7c
Score

3^/10
behavioral1 behavioral2
- Target
  
  pressurization/interceptor.cmd
- Size
  
  249B
- MD5
  
  221f639bf156503df810cdd2a0f9ce7a
- SHA1
  
  3bcf125292e4cb291bee30aff997fb5845e610f0
- SHA256
  
  f7682618aeb86bea1438a62d1676b864395c088c1c5eaa9a288685ce8cebc8fc
- SHA512
  
  4a8ee0c8dec0d77abdad253aee54f4a7e9cd1658e1488a994ba1059df0a335bede38d3f31a6291089337b795310caaf07132c71d6bc39fd53327233cedfe0270
Score

1^/10
behavioral3 behavioral4
- Target
  
  pressurization/roughness.bat
- Size
  
  211B
- MD5
  
  6c94bd3451e8a471350bdf6505adad8b
- SHA1
  
  381fd2681ab7d8bef1776b01ddfad9b83de62b82
- SHA256
  
  f8d76e0c351df79606ad6f232ca045fc98a54d32155fd75b71107b0b04677c68
- SHA512
  
  c0f67bcf43e83ab13c7e4830b28097e08bad98ab02eeebb5c1539c0ebc0dae80c534199d0165e9a8e2d604fd4dac5cbc0ee9ccb6384b242faeb8dc6953665181
Score

1^/10
behavioral5 behavioral6
- Target
  
  pressurization/tricky.dat
- Size
  
  755KB
- MD5
  
  243c552f305d208b8f5f231e7f3a7f83
- SHA1
  
  6b9778430ef2563ddb9198ec2b38822aec518f77
- SHA256
  
  3905804a6dba4a25bcc469bbd18dee15e6731cbf47c233997b1829f8dac36276
- SHA512
  
  b4edac5aaa0c4a15acc1c091eedcac595d93b68cd6a98e03aad00ee36b0ac10eecb6fe7a9ad626ae7363446629053a76a160ff7cade11c695174dd085da7663d
- SSDEEP
  
  12288:FN53TigGAAaYOjrtguXsmPKtbKgvAAfRcJtjm/1kfYuqd7pJeG5mCuq6vU6Pm:FHDiTF6jT5GKg3J8MwYum7p8NCuPvU6e
Score

10^/10

qakbot bb05 1667470599 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8