qakbot | 0259011b71d361d347f20ed51a7f7d528aa1964c63bf4e6de0f4dda783643177

General

Target

CB1817.iso
Size

938KB
Sample

221104-wfdesabdan
MD5

3be79de3ec6c3a339196cfff93173a5f
SHA1

1cf3d7fd45dcb4dac305477aa76083b2511587a2
SHA256

0259011b71d361d347f20ed51a7f7d528aa1964c63bf4e6de0f4dda783643177
SHA512

3e145dd86fbffb13effa4a327c6a27985f4ba1da1ff41bcf0145f15451cc8786ce4c89cf2e7e83768db69b433d5cd864df26795f549712152fecc163ca57c07e
SSDEEP

24576:Yh9FD5pgOkBz0xjxEdiOnvkajAkxOw6pKHshgSf:Yhfg0xj0iOnHjAkxOw6pKHshgSf

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.20

Botnet

BB05

Campaign

1667543522

C2

190.199.161.250:993

92.25.139.40:443

157.231.42.190:995

186.73.140.43:443

70.66.199.12:443

216.82.134.218:443

174.77.209.5:443

139.216.164.122:443

91.169.12.198:32100

139.5.239.14:443

50.37.149.215:443

74.92.243.113:995

74.92.243.113:50000

49.175.72.56:443

24.142.218.202:443

136.232.184.134:995

181.118.183.103:443

174.101.111.4:443

47.34.30.133:443

41.44.11.227:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  CB.lnk
- Size
  
  1KB
- MD5
  
  3c508f2b4a3b2753bd3ae179c612ef5c
- SHA1
  
  c78b2156077bb32e7da31edd72dde7f430cd1ff2
- SHA256
  
  6805167eb816425ee171e4d54400bb40f0a7749fca9e340e99d119f4b838172b
- SHA512
  
  44578f6e4f385a7da1bbef9a71a5d94adc6becbe5ef884c31646992864af61d2c54e8db18590239bc30ae5d50baa2be262157d8d3c390ab81433d5a3c2604c76
Score

3^/10
behavioral1 behavioral2
- Target
  
  desynchronize/comeuppance.dat
- Size
  
  705KB
- MD5
  
  99779c7288eec36bfccb9de99c2041ad
- SHA1
  
  e4cfa9711b347df96619891a3076b2c17c12ba71
- SHA256
  
  522c76e8bcc7a0088bddb2ab09c17d652346969e3fa28f29ba7ac71d6534788b
- SHA512
  
  d19ad3e6627e9f9c603a188ff98dd3e0eadb326cdbf8d859107084c513d8df0658692f88d6bee4aa2fe21245344e89a781277e3da3e8ec3c7bd529f7e7c96e2e
- SSDEEP
  
  12288:m1hFLlWXKDqUkyQ8r12OkBlqMv2RnxjxRuWRuiOCqvkajw:Kh9FD5pgOkBz0xjxEdiOnvkajw
Score

10^/10

qakbot bb05 1667543522 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  desynchronize/jocularly.bat
- Size
  
  246B
- MD5
  
  d6d60fe4c2be44ba96f8dcd7e4fe0397
- SHA1
  
  9611537b2ba115796b5edcde8a21904791598550
- SHA256
  
  25b037b06fa7e95c2298ec02bb45fd3d74a114c80b41b7c93e4a6fccbff30ce3
- SHA512
  
  de39ef89b581f58dedfa7f836f0d26bdd009be6d35c529f81d293154fefdb07dc71ead3f4a7ca0d416e4110706c5605e0d50babce03982a733a15200b64343fe
Score

1^/10
behavioral5 behavioral6
- Target
  
  desynchronize/steroids.cmd
- Size
  
  249B
- MD5
  
  4088d826e9d47fa142d5b5f48d39ced6
- SHA1
  
  35d677a2f4a5ce9da972a9b131d1c440be248b5e
- SHA256
  
  1131f74c585345805b2cee3183727e836fe68d2a3c341e393e16ff99623fa90f
- SHA512
  
  84fbf2799c4560be5bd3234582a350abb195473024442e37d68301befbc9687250b4b7012ad93f9bfdfd8635d28601c6fbd93e95d740a2ed9b48e14ec1c74006
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8