qakbot | 504d1d0d80751825c8a2a2994b0a5a2ae65ae7072838b3ef144e0991c540fe09

General

Target

fc600017ebd6e3866e6ac4b407962a5f1f9befe4a4b1966874d523fd4a984d31.zip
Size

408KB
Sample

230209-pr3qgsca5z
MD5

0d188cf4a01f016f051d41462e647c28
SHA1

139854cd50ea17bca5deb6614d656663b856cb8a
SHA256

504d1d0d80751825c8a2a2994b0a5a2ae65ae7072838b3ef144e0991c540fe09
SHA512

723df3356ccec20421741e56267cfccdf1170cdf3ba616275cdc88a3d6f048ac9c22b8bd4a81d5c8f233fd1098f510ca256a0f99fa22ac24c9409bc0d301b59d
SSDEEP

12288:it9eli2T4sHFDG91JXyhaBFLdCHKePqKcHjj0:iHMn4k9G91khaBFLMdjcHjj0

Score

10^/10

qakbot bb 1664801691 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.902

Botnet

BB

Campaign

1664801691

C2

160.179.220.87:995

186.86.212.138:443

180.180.213.94:995

186.125.93.28:443

31.167.72.198:443

78.162.213.155:443

46.10.105.160:443

41.105.54.8:443

41.108.175.56:443

188.156.85.37:443

94.52.127.44:443

79.168.151.143:443

189.79.27.174:995

179.178.249.16:443

23.225.104.250:443

134.35.11.71:443

197.204.126.136:443

197.205.168.243:443

58.186.75.42:443

41.96.18.5:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Contract.lnk
- Size
  
  1KB
- MD5
  
  cac85747caa16dacc64840fef1dbacd7
- SHA1
  
  9f66be46a382c1408e097327078d0eec771a4ea5
- SHA256
  
  436d64ee09b0489cbf5231a015de1f8cb5e985045c6db6f94fed27aa0e6db194
- SHA512
  
  087c496bfcd9e145d402157638c8c83e6abb21cf5441cbea81466a6e3cb7c233ebaf5da9d42e9512d23ff56bb391c1bea323dd7adedb5da63f054059c14f3510
Score

4^/10
behavioral1
- Target
  
  publish/eardrum.dat
- Size
  
  472KB
- MD5
  
  f24a452723c7e5d1f85eab7f5ec7ecd9
- SHA1
  
  2596f834041095c888b45e61ca48df3d4ce3a99d
- SHA256
  
  1abc2fb23f55378947bf528996b50ffed195a059d5f7b537271792704eb5cd4c
- SHA512
  
  a366c9f17df14ac093ea41ec248476a02b70051efacfe4fd654ef5461200bff18dc653d852eb4e2ee8eb722bd3917055bcf85c923dd46e8c262107f71045d56f
- SSDEEP
  
  6144:icJ88bsBZpZKeiJb1pPMkKvHrdTcf7CsHW8kYTRapUQsJT8Td++seeAOA0Y:VJDoBZjFibAOTCs28k2gN/rea0Y
Score

10^/10

qakbot bb 1664801691 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral2
- Target
  
  publish/overawesBets.vbs
- Size
  
  222B
- MD5
  
  c76b3b2c4b00a94c0d3ba19af172b109
- SHA1
  
  fb32b62f23cd48a1688e357c1a19e4417a7674d1
- SHA256
  
  cbec223670da9952147218c69116e45f835a0fbd0e8c1bda3ad71c5c77af6abf
- SHA512
  
  5380950445e22a8a97e1b31a5035fcfe061ad60dcefb0fc0ba10ccc7d4faf0a7a12016a5d36b86e356ff441faa4bba9b6a38127bfeb724c0374a8812802038e0
Score

1^/10
behavioral3
- Target
  
  publish/supernumerariesUnlearned.cmd
- Size
  
  61B
- MD5
  
  858d6caff0d99314e50811f7e4e20313
- SHA1
  
  821b4963f3bc7c710f6e04bd5cc2873e5b883b2f
- SHA256
  
  d69bf87afeb7d903bbdd095ebd66c0bbe963abc27b584c81fa9083394014ce43
- SHA512
  
  bf1f7d36268dcb1416b44cef265a4140047ba02ad0f187495c5ee5dd37ed7f179540918668a5ab8e7f3afb6b415757f459a1a7c5ad2a2aaac539fc3c05d6e931
Score

1^/10
behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

3

T1082

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4