qakbot | 78d56d3ea2d113b67fb9561a6ce926a16fc1cb9a4b43044ab4989db0bfa95c4b

General

Target

CB4985.iso
Size

938KB
Sample

221105-ejy28adeb3
MD5

6ccce5362ec6e608bd64723f893d45e3
SHA1

76dfcfbeb448c7ac77e50d44d6b44c3fa1c7a722
SHA256

78d56d3ea2d113b67fb9561a6ce926a16fc1cb9a4b43044ab4989db0bfa95c4b
SHA512

1e812f97a59af3e49569bac0947e735b8c8f6d92f278330146e8042a100ac64873ff4397691729c96bfc3ca4320458a1e8122eddc92bcca4e3b0e1b9d7bf7337
SSDEEP

24576:AkCOw6pKH7h9FD5pgOkBz1xjxEdiOnvkajehgSf:AkCOw6pKH7hfg1xj0iOnHjehgSf

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.20

Botnet

BB05

Campaign

1667543522

C2

190.199.161.250:993

92.25.139.40:443

157.231.42.190:995

186.73.140.43:443

70.66.199.12:443

216.82.134.218:443

174.77.209.5:443

139.216.164.122:443

91.169.12.198:32100

139.5.239.14:443

50.37.149.215:443

74.92.243.113:995

74.92.243.113:50000

49.175.72.56:443

24.142.218.202:443

136.232.184.134:995

181.118.183.103:443

174.101.111.4:443

47.34.30.133:443

41.44.11.227:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  CB.lnk
- Size
  
  1KB
- MD5
  
  ae71c300bf54b2d249bcc27c00039910
- SHA1
  
  4ddaddc3546987074e7208dd4633d97353440dcf
- SHA256
  
  8a52931a612063267ade583620dedda9a7b09c69bf50e54ca706f62fda395669
- SHA512
  
  111e8c293b80b97336b1f25cf900f1cdf92cb92ec3cdebc63c92205ad7daf2ead401d80ba271e86d7d5384dfae90eba287e2d048e909a27cc828bc2078dab61b
Score

3^/10
behavioral1 behavioral2
- Target
  
  desynchronize/crock.bat
- Size
  
  212B
- MD5
  
  43fb22b89c72f1579cc3f1b5dfc7fe25
- SHA1
  
  998c7a8ca2c0d7a1c3d7fbf8a043df926d17fc90
- SHA256
  
  4da14cd988dc63fba4dce1c9cfda4082d1a87b7e98359cd2158f50896229dde1
- SHA512
  
  2c32c9222a8d89e8c7ed0bf22a31144d88a9a5f0362d5ed4983569b8edc0418e8952a0ae67358fa598f59d3c6fc69b92613303afd036d88be9ca917862251702
Score

1^/10
behavioral3 behavioral4
- Target
  
  desynchronize/operatically.cmd
- Size
  
  277B
- MD5
  
  0193a22d9ca8cfc8adb1b43b0214cc89
- SHA1
  
  eeeb5dbe16fa9336cd1e64cb4f2445ab6f21bdbc
- SHA256
  
  686697a631fd489544545795133a856d5708c2420a7d7b0f19dac7b0c4cd00ae
- SHA512
  
  3c3c393e1c675008cb629edbb6b9872f98fb46b29ee765d95d6dc5d7c99a5128600633d4f3371c9b62685f03f4e9a2d61d928b345393a9079be026df7dfefc56
Score

1^/10
behavioral5 behavioral6
- Target
  
  desynchronize/tracery.dat
- Size
  
  705KB
- MD5
  
  e3ba07b37f9362e47507abe916f77021
- SHA1
  
  fe94834eea17120235a55fc1713786261a6ec571
- SHA256
  
  484d94099a787f19a0b2a5d454c596a9a312cdb18e38183548e3001a3785abc0
- SHA512
  
  026000171a0e558d0fbd70406410cf1bbfa3b2f27e1f05680f5f4b4747df40fe7a0c212eda35bb68fa15dfc33b63c7a3823f1fd913ef4c33826518f9a35ae341
- SSDEEP
  
  12288:m1hFLlWXKDqUkyQ8r12OkBlqMv20nxjxRuWRuiOCqvkajw:Kh9FD5pgOkBz1xjxEdiOnvkajw
Score

10^/10

qakbot bb05 1667543522 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8