qakbot | d2b4f004d88fa1aa8e075ceeb4dc785fcbfb16d5297c7a2e5d36d653fe77d853

General

Target

Learn#4680.iso
Size

686KB
Sample

240320-zmt8naag35
MD5

552c3ee513509efb205ffaa2ee57b5e0
SHA1

6bb645dd2b07e9df32426f256cd56250d6b1b98e
SHA256

d2b4f004d88fa1aa8e075ceeb4dc785fcbfb16d5297c7a2e5d36d653fe77d853
SHA512

5de31ceb9a790a24f96307474d918873a3c3d0b13136371dd8b803a8d16c294b2dc6b59865d080a635694ec65e1baadb631e70d1d6c338e57a76c69bd7e6c249
SSDEEP

12288:Mzxl3goMdrbdJ6wQ8faVO099oBZfZvgWr6:M6Tdf6aAHeZfZv

Score

10^/10

qakbot bb 1664535088 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.902

Botnet

BB

Campaign

1664535088

C2

41.107.71.201:443

105.101.230.16:443

105.108.239.60:443

196.64.227.5:8443

41.249.158.221:995

134.35.14.5:443

113.170.117.251:443

187.193.219.248:443

122.166.244.116:443

154.237.129.123:995

41.98.229.81:443

186.48.199.243:995

102.156.3.13:443

41.97.190.189:443

197.207.191.164:443

105.184.14.132:995

196.207.146.151:443

105.158.113.15:443

196.89.42.89:995

86.98.156.229:993

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  LearnS.lnk
- Size
  
  1KB
- MD5
  
  940349f802740d4f3be6d156f83b9bb4
- SHA1
  
  48c5333b1dd31dbe910dbd15b1db0ad0ea0936ae
- SHA256
  
  f910eea03fb6649f038e58932c5636ca80a7fba678a16f0793dbae7e407680b9
- SHA512
  
  aca2cbd5f4fc21a47cf31696e4093458a82401a3ec3cc82fa901de29cef1292765c68eeff099243e83ff249ce97c6eed067b956d9d4c8b4b16d5425cf5108a51
Score

3^/10
behavioral1
- Target
  
  assaulting/baronessSubsided.js
- Size
  
  236B
- MD5
  
  773ef81ef7aeb4e37a6c0a58b212a24e
- SHA1
  
  106508be9c6961046c79400f32bfc66f3e9145f4
- SHA256
  
  8daad84fa544d5a57402c76d492b7d2eb0e4299e7337ef6d0c9b07024b4e9e0c
- SHA512
  
  eecd321e0baaa02718df0c748352813c4230f6805c95c5f67216a3de5e8032463e68fdb1dd8d5d9098535181c8619ca44246a0ed9bdba31e6c237e6c74182cb7
Score

1^/10
behavioral2
- Target
  
  assaulting/milt.dat
- Size
  
  448KB
- MD5
  
  24c89f5383c6dca654f27383b1ec00a3
- SHA1
  
  7766a0a045e56fe16fb5b9e0c5d7c1d047eb36c6
- SHA256
  
  bb2540e27de2b8d3d154fee3efa8e2cbefdf25e5a1d76b4cedf49ac3917a1471
- SHA512
  
  58bffa71d6be31e136c220828ba0565a7e9231e363804beefc66f47653cf80af94bcc5c221444e6f7f1707dbe915279d67c77592ccedc2d5f09b29bc62f39eb3
- SSDEEP
  
  6144:NWlZhgoMdtBYTNSlWBsAOvbd62IYQ8jjHH62uzdMzD9699o9:cl3goMdrbdJ6wQ8faVO099o
Score

10^/10

qakbot bb 1664535088 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3
- Target
  
  assaulting/testifiersEquivalently.cmd
- Size
  
  104B
- MD5
  
  8006296cc4bf5b5e5f9e3aa63b2f164e
- SHA1
  
  a2c7125717b8325ba5dcd2418a1bcd850eae7a13
- SHA256
  
  21b14d6ccbee2cd651c765ed86cb35a69a77643cd30d6f1abcae2e7d2f3ae59c
- SHA512
  
  48f768d85d8609110a0691d4364b8036ce7e54862d0289801dc86ec0e0c36adc1892d9ece7a7f242742107ee56c9249bdd5a1c3f337173c6b95a8e4e8ff0a875
Score

1^/10
behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4