qakbot | c6fc61f377b5822bab522852efbb1c440639a26de2943e934a3af8878fb67b8a

General

Target

fc600017ebd6e3866e6ac4b407962a5f1f9befe4a4b1966874d523fd4a984d31.zip
Size

408KB
Sample

230209-pse1taca7s
MD5

d8b43cb9424fb55a582ea27575aba3c3
SHA1

9e9b58da5bcbfaa7aed4aa95155050e58437f9b5
SHA256

c6fc61f377b5822bab522852efbb1c440639a26de2943e934a3af8878fb67b8a
SHA512

b41f651acab646b08d76fd0409b7adc8a6b5ba4f741b43418c42cf33db173843dbebfb94d44709f075cdfad45ed68c28ebafa2a621db1314c23322a789f851f2
SSDEEP

6144:Uza65hGa//DuHB24ho/28Excp6sO/XIK6/LaI8AI7BvWGjTPcSAF702pZ7xduC:UW65V//K44y/lNG/XghI7Bv1/cT70G9R

Score

10^/10

qakbot bb 1664801691 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.902

Botnet

BB

Campaign

1664801691

C2

160.179.220.87:995

186.86.212.138:443

180.180.213.94:995

186.125.93.28:443

31.167.72.198:443

78.162.213.155:443

46.10.105.160:443

41.105.54.8:443

41.108.175.56:443

188.156.85.37:443

94.52.127.44:443

79.168.151.143:443

189.79.27.174:995

179.178.249.16:443

23.225.104.250:443

134.35.11.71:443

197.204.126.136:443

197.205.168.243:443

58.186.75.42:443

41.96.18.5:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  publish/eardrum.dat
- Size
  
  472KB
- MD5
  
  f24a452723c7e5d1f85eab7f5ec7ecd9
- SHA1
  
  2596f834041095c888b45e61ca48df3d4ce3a99d
- SHA256
  
  1abc2fb23f55378947bf528996b50ffed195a059d5f7b537271792704eb5cd4c
- SHA512
  
  a366c9f17df14ac093ea41ec248476a02b70051efacfe4fd654ef5461200bff18dc653d852eb4e2ee8eb722bd3917055bcf85c923dd46e8c262107f71045d56f
- SSDEEP
  
  6144:icJ88bsBZpZKeiJb1pPMkKvHrdTcf7CsHW8kYTRapUQsJT8Td++seeAOA0Y:VJDoBZjFibAOTCs28k2gN/rea0Y
Score

10^/10

qakbot bb 1664801691 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2
- Target
  
  publish/overawesBets.vbs
- Size
  
  222B
- MD5
  
  c76b3b2c4b00a94c0d3ba19af172b109
- SHA1
  
  fb32b62f23cd48a1688e357c1a19e4417a7674d1
- SHA256
  
  cbec223670da9952147218c69116e45f835a0fbd0e8c1bda3ad71c5c77af6abf
- SHA512
  
  5380950445e22a8a97e1b31a5035fcfe061ad60dcefb0fc0ba10ccc7d4faf0a7a12016a5d36b86e356ff441faa4bba9b6a38127bfeb724c0374a8812802038e0
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4