qakbot | 378e6e3c1ffe0619f23450717f32ece7bf2db152e94467c79bb7b28903e8816f

Sharing

Copy URL

Twitter E-mail

General

Target

7654796129.zip
Size

2.5MB
Sample

220628-h7mkwafghk
MD5

5711d4d1e00b549e958b14d6ae16ea7d
SHA1

eebb6151fe8e399721c3be45417f190a7961be2b
SHA256

378e6e3c1ffe0619f23450717f32ece7bf2db152e94467c79bb7b28903e8816f
SHA512

8b87c287793d85271f56d49d9a746f3f79317391af5d3acbc120bc03a48caac67d37e398f2f16a59ca62725f71f9c7c0fc4663a61017cd86b58cfe9ae37951bf

Score

10^/10

qakbot aa obama192 obama193 1655969261 1656010579 1656051427 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.780

Botnet

Campaign

1656051427

217.128.122.65:2222

24.43.99.75:443

67.209.195.198:443

208.107.221.224:443

70.46.220.114:443

32.221.224.140:995

88.241.122.55:443

186.90.153.162:2222

148.64.96.100:443

197.87.182.93:443

39.44.30.209:995

67.165.206.193:993

118.161.2.13:995

111.125.245.116:995

104.34.212.7:32103

86.200.151.188:2222

41.228.22.180:443

94.59.15.180:2222

24.178.196.158:2222

182.191.92.203:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Extracted

Family

qakbot

Version

403.780

Botnet

obama192

Campaign

1655969261

100.38.242.113:995

94.59.252.166:2222

74.14.5.179:2222

71.13.93.154:2222

193.253.44.249:2222

108.60.213.141:443

45.241.231.78:993

217.128.122.65:2222

40.134.246.185:995

1.161.124.241:443

70.46.220.114:443

24.43.99.75:443

32.221.224.140:995

80.11.74.81:2222

31.215.184.140:2222

39.49.85.29:995

67.209.195.198:443

186.90.153.162:2222

148.64.96.100:443

67.165.206.193:993

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Extracted

Family

qakbot

Version

403.780

Botnet

obama193

Campaign

1656010579

104.34.212.7:32103

86.200.151.188:2222

41.228.22.180:443

94.59.15.180:2222

45.46.53.140:2222

189.78.107.163:32101

24.178.196.158:2222

179.158.105.44:443

37.34.253.233:443

47.23.89.60:993

176.45.232.204:995

120.150.218.241:995

38.70.253.226:2222

40.134.246.185:995

5.32.41.45:443

72.252.157.93:990

72.252.157.93:993

24.55.67.176:443

93.48.80.198:995

100.38.242.113:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  1b64ce64b4aa35ebe9259cf56cd159f0cd3220dc0cceb8c0ed5eec14a25a1963
- Size
  
  700KB
- MD5
  
  3bfc926058e162af3b5302b22a83fd9c
- SHA1
  
  83aa84133fac2d8069dceb21c803d93394512dde
- SHA256
  
  1b64ce64b4aa35ebe9259cf56cd159f0cd3220dc0cceb8c0ed5eec14a25a1963
- SHA512
  
  db94313d4fa4272ff9611326ec9407d78782c04dbbf5051b288f1b290901f9a950c7d62b133254a07d52318e71a6dae17911cb904db2b6b13e8441d1ec58760d
Score

10^/10

qakbot aa 1656051427 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2
- Target
  
  2e7d8a7a7f1a877a9dec37a737bbe44abf8a836c75ea01d0bc8630e0d2432ae5
- Size
  
  699KB
- MD5
  
  f83e99183d266df77f2ba184bd693b3e
- SHA1
  
  eef3f215bab3b2034e2147cc05d776db568b38fc
- SHA256
  
  2e7d8a7a7f1a877a9dec37a737bbe44abf8a836c75ea01d0bc8630e0d2432ae5
- SHA512
  
  d2ebbf2d15f93ac132dda79408b5a7bcff154ed03fdb3e034974b8b54f0f4660ad5c4a3b5894806220542d8d78c27840a17825b67333b236bf346239e23c5993
Score

10^/10

qakbot aa 1656051427 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  31cbe636cc468d93f6cf7e2f53cea08786045003197db953dfc760b8e981ff36
- Size
  
  335KB
- MD5
  
  0826eb256c88326e3cf600c4b4599692
- SHA1
  
  ff219c09dfda55705dd10edc3532ff5937639a98
- SHA256
  
  31cbe636cc468d93f6cf7e2f53cea08786045003197db953dfc760b8e981ff36
- SHA512
  
  0afae206cba945a41679f39295ec522678a993bed0b973acc60e8977a17abf7b8914b6a4e765fa4fa359394337a8fdcd3cf2289e5747f5f5ff064c93bd496edb
Score

10^/10

qakbot obama192 1655969261 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  5d4dd91eb1e6f3f3e993db20e2edb1bb0201b0e83dfb5e091014c48f32a13960
- Size
  
  386KB
- MD5
  
  e42ed7c951af4e1109de36808fd0f91f
- SHA1
  
  9c1cca088ac46043cd87777d5cf6bc24228c3c9a
- SHA256
  
  5d4dd91eb1e6f3f3e993db20e2edb1bb0201b0e83dfb5e091014c48f32a13960
- SHA512
  
  e407aae095f653ec846d67cc72c56a00fc2c78c6a0563d5cd4f67b6189cf03c922c1a97735d7b3dd575394ac02bd3ac29760c310f8d9a679ee1bbad18c61cc79
Score

10^/10

qakbot obama193 1656010579 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8
- Target
  
  67e1aae48afbbd3355bc2a4c1ffd37226f8fd4bad214287780d81da203358bb5
- Size
  
  335KB
- MD5
  
  eab5510af5bf9d8779238711e163e9cc
- SHA1
  
  b04213283954991b96bbaeea042ec6d3f7d2872c
- SHA256
  
  67e1aae48afbbd3355bc2a4c1ffd37226f8fd4bad214287780d81da203358bb5
- SHA512
  
  2847b618e6d447f30c84b52b1b1e004ab350e669b8b1113dc368999915467040420938a1696af22cc20b115bf5e095805737751864cadf0d7808675585c1ec5f
Score

10^/10

qakbot obama192 1655969261 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral9 behavioral10
- Target
  
  68be7eda8ae69f09fbd32f748a93187ed0374ff237e9160af7c495bfb252749c
- Size
  
  386KB
- MD5
  
  7730f4984f3da8bdfc5561edd2d67f9c
- SHA1
  
  164e0b1fca59510c8ec85011177353e035c6b414
- SHA256
  
  68be7eda8ae69f09fbd32f748a93187ed0374ff237e9160af7c495bfb252749c
- SHA512
  
  c3d073d6251e60e9875437069ed73b3da2f1a7e94f74e21144716a0a92bbdececc08561349efadabb8d711f103a69071d086a216fd51fb6025c46615b930bdd3
Score

10^/10

qakbot obama193 1656010579 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral11 behavioral12
- Target
  
  7f5c0c7b1ee40f554e418c1a834258015fae2f54d754fe5ebbb64a6583a1ed7d
- Size
  
  335KB
- MD5
  
  173d9eec22fb91ba78f2518b9a0c82ec
- SHA1
  
  0dc93e47a48faed932b1228455825ff72a767bde
- SHA256
  
  7f5c0c7b1ee40f554e418c1a834258015fae2f54d754fe5ebbb64a6583a1ed7d
- SHA512
  
  d0fecba418a15ffe93633b8410cdce3d7d3e8fd24a77cbdad2119361034547652d697d9fdf8b83fe10873be52a53051ebc724ef8443333439fd674fd430c3249
Score

10^/10

qakbot obama192 1655969261 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral13 behavioral14
- Target
  
  87d26e587162306b3cf2498062ff787d4dfee16b53e42e814ae76b958a36e967
- Size
  
  704KB
- MD5
  
  5022abe19837e66878e4e4def5d08176
- SHA1
  
  47ba77cd4bf79b75c7ec87977ab4c29bde2604e0
- SHA256
  
  87d26e587162306b3cf2498062ff787d4dfee16b53e42e814ae76b958a36e967
- SHA512
  
  fd70a75856f15a8da335aa5c0f54a04492304c3440a66a885797feee5a2337099dbc4a45080262bf336cf8c1da0a1e314b705601fa39e106c68a2255f981fbf9
Score

10^/10

qakbot aa 1656051427 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral15 behavioral16
- Target
  
  c14868ff988ebcf1bd7a5b64706b7ba677e516bff2695a40956cd8942125189a
- Size
  
  386KB
- MD5
  
  a76d34c6f29624c17ac75399ad4702cb
- SHA1
  
  1ed038bdd2f9cc77f34f9adbbf28216ef7f8dd8b
- SHA256
  
  c14868ff988ebcf1bd7a5b64706b7ba677e516bff2695a40956cd8942125189a
- SHA512
  
  929525919c33a577b906cf5ac81ea60574c36d5060f06289bd77d404faf5932a863aec4fa0b7a355d389acfd638bfcc9bf270dcdc75b21376bc04027cdfe9c0d
Score

10^/10

qakbot obama193 1656010579 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral17 behavioral18
- Target
  
  d3d51a70f5bb0121b6acf5e9cbeb30f1cd00e5975833f1dd71e453c2296bb78c
- Size
  
  335KB
- MD5
  
  c286196db4c036e52eeef422cfd1c422
- SHA1
  
  3e0fe39779ec420c70a689b7d9494379f51f1438
- SHA256
  
  d3d51a70f5bb0121b6acf5e9cbeb30f1cd00e5975833f1dd71e453c2296bb78c
- SHA512
  
  7ef53c65914b8868b598bae43e80c5a8ff68d69aa20a470c75340e688fd3bfd1d6a970819231c5e3b2b4418165abc2368fba170c0bb95ca2237e22123bcb7831
Score

10^/10

qakbot obama192 1655969261 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral19 behavioral20

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

Qakbot/Qbot

Qakbot/Qbot

Qakbot/Qbot

Qakbot/Qbot

Qakbot/Qbot

Qakbot/Qbot

Qakbot/Qbot

Qakbot/Qbot

Qakbot/Qbot

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20