qakbot | 2ebaeeec8d4f6b267d466e1ea0cbcd3e356f422c76f063c26d56131f951d5723

General

Target

RRCG61.zip
Size

319KB
Sample

221208-tqpvfsae25
MD5

353410090167036754a9f6bd372a8909
SHA1

56bfe14cf94a47d31d52f954822b42d9f8c1a955
SHA256

2ebaeeec8d4f6b267d466e1ea0cbcd3e356f422c76f063c26d56131f951d5723
SHA512

118412975687e005dc3eb92764357cb81ef02dc5864d84a57a0b129c2cc3269da1d4d3b3ac3af2a022f03da888b04254e024d5af55d620643ae263477eacd300
SSDEEP

6144:195jJ6PcEjEOyYW/FcPyY/Z7acNXcTlhMCCZp0HnPZRXD7jwKixNSCCqpiQ8C7P:13AItP/FnY/hLMrMCCZp4nRdD7j7i6K1

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

BB09

Campaign

1670238005

C2

76.100.159.250:443

66.191.69.18:995

186.64.67.9:443

50.90.249.161:443

109.150.179.158:2222

92.149.205.238:2222

86.165.15.180:2222

41.44.19.36:995

78.17.157.5:443

173.18.126.3:443

75.99.125.235:2222

172.90.139.138:2222

27.99.45.237:2222

91.68.227.219:443

12.172.173.82:993

103.144.201.62:2078

12.172.173.82:990

173.239.94.212:443

91.169.12.198:32100

24.64.114.59:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  RR.lnk
- Size
  
  1KB
- MD5
  
  a8c38608d5411b88706060ac04d6f21f
- SHA1
  
  1f8567de12ac31b37940759d8439db99787b3365
- SHA256
  
  da709e5848b82144fb05b765600786e8821b32ffb5f6f2022df3ca7a59c4a789
- SHA512
  
  6ea38fe9d735e72d02061d5afeca512794e4ac99af75a886e085e93c0757aa4f024a2edc08e54e87d73944f9cc0e7ba9f75104896f5138806ca55fa391fc0137
Score

10^/10

qakbot bb09 1670238005 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1
- Target
  
  unutterably/felons.cmd
- Size
  
  208B
- MD5
  
  e8b6b112db6347fd9b664ed8847bcbc3
- SHA1
  
  3cd044d4a9f1dab8c4793e372f3627b1285e964b
- SHA256
  
  b122314f8568bbf5034655f1e17d1dbf2902b7ee7b7a0f27d485bc0d5a55bd0d
- SHA512
  
  78d54bb4d80659992b557792ef824ce60ede9b055bd59a3a74871655c1d8d66cefd5414ee448c7a87810361051e3ef89f3307565241f77d09a560c35849f222c
Score

1^/10
behavioral2
- Target
  
  unutterably/offered.cmd
- Size
  
  295B
- MD5
  
  9673b66b99505d53c42d4a7e1fc4f034
- SHA1
  
  d0bb45562f93e8776eedd2789718b82822ffd597
- SHA256
  
  cebf4e464cc6623e3c72f593ec96888032a1266085fdc215e436650e3dbeca5f
- SHA512
  
  43a0fab7fcf24aebcac3cfe48564b6f7f298e66be9d21cf1c544edf120f584f60ca271fae8878774c0f541f68b24cc02c492d3a0711e3494fda38087f0d05bc9
Score

1^/10
behavioral3
- Target
  
  unutterably/swam.tmp
- Size
  
  497KB
- MD5
  
  04339840283f48a2b949dfde31265a2a
- SHA1
  
  c16872ed0c8d65cc433002b97a5666882372dce6
- SHA256
  
  afaa18f35e2e816c73da36bd0c47a278b6fb35655d7fe1adea68235a7ca1a01b
- SHA512
  
  061fb31a7a364ee784c872af684d94c8822c4f2d8c7bae9fc908f61fc6776f9f61c3ba3388225833c92e769ef9bbe944fe9cf0486262278555fa71936f303c57
- SSDEEP
  
  6144:kc0+H0LwX/ei0iPlJgQwggr6cAhMtnEbER8wvyRaY4Gls1yc8UQw8Mz1fu:D06cilJy9tnY+yTbm8UQw8Mzxu
Score

10^/10

qakbot bb09 1670238005 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4