qakbot | 269cf81044f347abecb9118f9c5bc6a98133db8eb30f2093f9cf590c3b3d8b0b

General

Target

CB3528.iso
Size

938KB
Sample

221105-d1lmsadcg8
MD5

a37aa959e0110be742e7667e5e60dddf
SHA1

3d79beec56f6af330304ee16ff62b0691fdf24a8
SHA256

269cf81044f347abecb9118f9c5bc6a98133db8eb30f2093f9cf590c3b3d8b0b
SHA512

a18c7a61e04067238b711f89d2e7096918951471e748191a89deceb9f535876b75b586a0de3c55574cd766a061912778429288351cf1eed82d28e5b2ed9581b4
SSDEEP

24576:Lkmh9FD5pgOkBzAxjxEdiOnvkaj8Ow6pKHshgSf:LkmhfgAxj0iOnHj8Ow6pKHshgSf

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.20

Botnet

BB05

Campaign

1667543522

C2

190.199.161.250:993

92.25.139.40:443

157.231.42.190:995

186.73.140.43:443

70.66.199.12:443

216.82.134.218:443

174.77.209.5:443

139.216.164.122:443

91.169.12.198:32100

139.5.239.14:443

50.37.149.215:443

74.92.243.113:995

74.92.243.113:50000

49.175.72.56:443

24.142.218.202:443

136.232.184.134:995

181.118.183.103:443

174.101.111.4:443

47.34.30.133:443

41.44.11.227:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  CB.lnk
- Size
  
  1KB
- MD5
  
  22a048742105bf118c9fc93e5336e5aa
- SHA1
  
  13a6dec82c34b004fe5b067b25dda43000984e99
- SHA256
  
  99dc29a864cb74870a5fe329597f3b56fb50e53dcc71e9dfc26351855b2c3c5e
- SHA512
  
  ad3e76eb834ba74adc2b7f097975e5ed9d67ceebd06584218956a958579c7940688122f8e94218f7afa4dcdf13caca546ecc3dc3b14a3b7d51494752a76a5f8c
Score

3^/10
behavioral1 behavioral2
- Target
  
  desynchronize/chiefdoms.cmd
- Size
  
  271B
- MD5
  
  b03b4767b465aab71fbe91568493670c
- SHA1
  
  18e7d098419fa4137548e2f6b69d65f882f9ad53
- SHA256
  
  5691c677f72937707faa3768be36024ffe469a67253d8d26ceb1a786b0425703
- SHA512
  
  2efca6f24e5db21b882534575b4d2066166bf0fc5bd0b613e91892bf9923b0a08b6acd2ded8ea82cfc78c6c87b48adb3f21a3d1b21480d166bac0df055b0eb0e
Score

1^/10
behavioral3 behavioral4
- Target
  
  desynchronize/enshroud.bat
- Size
  
  218B
- MD5
  
  be6c816a1feea22aae5cbaf68596aea0
- SHA1
  
  a40af3a333f7013a3127689a45876edcdb140876
- SHA256
  
  5b3f085affafdbb13f8521f9f0dd6c8680e9e66e7ffdc6ea05b3da8dfb45aa44
- SHA512
  
  3fc3eacd2e920e3757d31fcb14086fd1463f4ace65cca556b56929d1e0b7b693c728699eab79ddaa61682c784084f1f0ce7350c4d3e223144e3575fc58a0a5f3
Score

1^/10
behavioral5 behavioral6
- Target
  
  desynchronize/ninth.dat
- Size
  
  705KB
- MD5
  
  ac093b01d60021d6143b2facd30ef35b
- SHA1
  
  fa949435a9e85d9320e9db5c37084d464621221f
- SHA256
  
  434c7cad3e860ae19dd388cabc54fec4081c3354aeef7637193a07374fa942e2
- SHA512
  
  6f3f2cb1d04b7a5338c961c0c973646634888d98451898b6789d3c713282a3fa53e17e0f87c943022582bf59a4b6982cc2b7dfc73aaa71f549af007c304ac088
- SSDEEP
  
  12288:m1hFLlWXKDqUkyQ8r12OkBlqMv21nxjxRuWRuiOCqvkajw:Kh9FD5pgOkBzAxjxEdiOnvkajw
Score

10^/10

qakbot bb05 1667543522 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8