qakbot | 1d3ec9cc32e182fdca13de069d4e2681a053b286f0773fbd894627bff6ab70e8

General

Target

document-81114.iso
Size

926KB
Sample

221121-cp2desfc8t
MD5

8bfcf9472b997a4f7c33f673888c5110
SHA1

cfea3141c2dd595abc363fd12c3bf567451948c2
SHA256

1d3ec9cc32e182fdca13de069d4e2681a053b286f0773fbd894627bff6ab70e8
SHA512

358d6498ee06de239b449731ebb17c50c3486bd03be835381476b3332596e7f09ac26270cbf3b85098c857c33c3860c2c81b2355d40aa00336715274bed17420
SSDEEP

12288:urkpde329VEdv++607q6YP4uo7N9BIegv8JowUShUPw0bcbA4k7pvLCmii4:Kudy29ChzEopQ0Uw1bdSFOI4

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.20

Botnet

BB05

Campaign

1667294768

C2

136.232.184.134:995

65.20.175.208:443

78.161.38.242:443

154.247.31.51:993

50.68.204.71:993

154.247.31.51:995

154.247.31.51:32103

50.68.204.71:995

142.161.120.116:2222

84.35.26.14:995

174.0.224.214:443

181.164.194.228:443

58.247.115.126:995

74.92.243.113:995

74.92.243.113:50000

149.126.159.224:443

68.146.18.15:443

182.66.197.35:443

216.82.134.218:443

186.64.67.44:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  documents-8515.lnk
- Size
  
  2KB
- MD5
  
  61bb624fe3454ea9c9ef8817bc3d5d97
- SHA1
  
  6aac8486122a53e02b3e2ee5c38287402dc98a10
- SHA256
  
  5ffc82a08523f91d2d7f9f63e34b0068a0bf4c4c40941399ed4489af13986191
- SHA512
  
  ce0289321d9c9fe64ae492e32878d523877c2a542c90f3817f3fb9ec8d78b86db67e5caada18591ab88094cd3792c3261f6440d3c41c1b70b0d545e965ec7c8b
Score

8^/10
- Executes dropped EXE
behavioral1
- Target
  
  templates201.png
- Size
  
  421KB
- MD5
  
  c59c67fe5908c2cf67d2a7baf548d317
- SHA1
  
  799f21200be5b863b2e0111185e6b1e11ddddfbd
- SHA256
  
  0f0ee6558b84cbf678049bc076475122e93b1a0e07eef6bf1a4cd1daaf946f22
- SHA512
  
  f6c792404a3cc0f9944da792f2ac3d27052ca721192c675c2512045ed61904cc22dfc32d2d322418d6c9d90a5e7cde6c7c047b8f12a547ca84d3c341afce57df
- SSDEEP
  
  12288:Pkpde329VEdv++607q6YP4uo7N9BIegv8JowUShUPw:Pudy29ChzEopQ0Uw
Score

10^/10

qakbot bb05 1667294768 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral2
- Target
  
  unfeignedness_sitiophobia.png
- Size
  
  135KB
- MD5
  
  49524219dbd2418e3afb4e49e5f1805e
- SHA1
  
  b8cb71c48a7d76949c93418ddd0bcae587bef6cc
- SHA256
  
  c6294ebb7d2540ee7064c60d361afb54f637370287983c7e5e1e46115613169a
- SHA512
  
  9e7d9e9131557608bb7b517d9bfce5448c990bd685e3b0697c33faa313cbec3c2fef7d0bf3a52e9e9d0e9b6fe901e751780e1cd08a90d331375522299d66453e
- SSDEEP
  
  3072:iUyUgVDN5qpYaAGXk7W+fJOUMRc7LLMzJ2DlcBryiXS41L:iUybNmbA4k7pIp6vLMoimii4l
Score

3^/10
behavioral3
- Target
  
  yardland.cmd
- Size
  
  742B
- MD5
  
  ed49c7ea3c968507fe11ac337191c75d
- SHA1
  
  018c0d38ad494e45f5745cd940e6357192c728c8
- SHA256
  
  064ca176fa8e916e260fb6308c1e24654ed2a4dc08208ae8dab1a0ace862094a
- SHA512
  
  575115ebad0dc5eb699367b989859b98e5e51e52f9efa866e6ac969a3f34f9a13f6c3d6314039742c2f399993719eed5ad177f54122851ffd676777345a66102
Score

8^/10
- Executes dropped EXE
behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Qakbot/Qbot

Executes dropped EXE

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4