qakbot | ce48eba920b7bd99cdee2729df96ea09a88679856106f8c426e5e7a17f670340

General

Target

CB7324.iso
Size

938KB
Sample

221108-p818zsahck
MD5

49a9b4d577ef76d4a55a93c648d78e02
SHA1

ca4d618a689caa2cdfefd349d51307c7264647bb
SHA256

ce48eba920b7bd99cdee2729df96ea09a88679856106f8c426e5e7a17f670340
SHA512

2d888cbda0e6f98f4edad3bc5ca6bdd84ea27bf096d4063f54027c536fecc6f27f3956487cb0759168a22657d74037a8f831a11c377ad83676fc52615447eb04
SSDEEP

24576:fh9FD5pgOkBz7xjxEdiOnvkaj5kpOw6pKHbhgSf:fhfg7xj0iOnHj5kpOw6pKHbhgSf

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.20

Botnet

BB05

Campaign

1667543522

C2

190.199.161.250:993

92.25.139.40:443

157.231.42.190:995

186.73.140.43:443

70.66.199.12:443

216.82.134.218:443

174.77.209.5:443

139.216.164.122:443

91.169.12.198:32100

139.5.239.14:443

50.37.149.215:443

74.92.243.113:995

74.92.243.113:50000

49.175.72.56:443

24.142.218.202:443

136.232.184.134:995

181.118.183.103:443

174.101.111.4:443

47.34.30.133:443

41.44.11.227:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  CB.lnk
- Size
  
  1KB
- MD5
  
  821dafc5864e891e06a5b61e8f9d8b51
- SHA1
  
  5184f98eef912a14cf93e0c94ff0972175087bcc
- SHA256
  
  cfc0f440aa49d941679c26d468c7c74c30bc701accbb5e24dd326f611c9f81c1
- SHA512
  
  b446d794e73675d99c2f4fcf17610a53d4f4d71e015496ec46ac0f7cbca4141ef250fa6dffa0505b2c1819793a498c9f0f8f66914ea596f7a2063e28e3c8cba3
Score

3^/10
behavioral1 behavioral2
- Target
  
  desynchronize/ablution.dat
- Size
  
  705KB
- MD5
  
  0927915915b6f7e175c8c7eb8c01c2fc
- SHA1
  
  4565ad80cfbaa39d63f7fd4859d2b873e260d4b4
- SHA256
  
  8bd69f73d1ab94f860e986a181354ba7d0e47f6b4fb6c136340e494c94c2cf2c
- SHA512
  
  853fc4e3871c1a72fdafc84a3beacf0fe78179eeb9d42e25bf8a5f2eb415e401391fec6da278e92caec3dcc40c43b57d89705f1914bf19cc2bff9edb51dfeca6
- SSDEEP
  
  12288:m1hFLlWXKDqUkyQ8r12OkBlqMv2unxjxRuWRuiOCqvkajw:Kh9FD5pgOkBz7xjxEdiOnvkajw
Score

10^/10

qakbot bb05 1667543522 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  desynchronize/dale.bat
- Size
  
  219B
- MD5
  
  613f0f424f1256236b8aad9b10e3e197
- SHA1
  
  fd157878278b8b3c19be32684bd6c465a7f44044
- SHA256
  
  2d158ae0fd459bd2d5b8846f5fa37760c268d6ff054b762167eabc486f30acdb
- SHA512
  
  c3fedc5cba1043a73069fba56afd63422a7fcb7fa1915b2aeeb8a5dac5579ed6114c916cbbc7d8a21b5e17daf34cc3958748a084c6dfc664454aaeba1da11d14
Score

1^/10
behavioral5 behavioral6
- Target
  
  desynchronize/unelectroplated.cmd
- Size
  
  262B
- MD5
  
  2a9ee9a6bbc7d08d6cec794e8606974b
- SHA1
  
  d20eccb0ef766e93273570ef99f2ff3c1acd45b1
- SHA256
  
  3579ea212d075e52a315c16c3b93d09bb0973418d4af101e1980e782adcad8c7
- SHA512
  
  79cf27c9abf1cbab0d2fc05ec359acf9ab30af5f9e2aeb3cbf241fad2a02050904a973fc1b9e1871de5e28e15382174d7cfe782d82d56431fd0bd6cc672bbc64
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8