qakbot | 4d6c9c29217933140e7f8bb5014dae7c689fcc788559a9c17fe9a8d9b7abe117

General

Target

Document#869723.iso
Size

716KB
Sample

220915-ybtbjshffm
MD5

50ad8cabee08c42ffd42181835b2e83d
SHA1

8a09c87570f9ad15082f366c7c0350a64edd11b7
SHA256

4d6c9c29217933140e7f8bb5014dae7c689fcc788559a9c17fe9a8d9b7abe117
SHA512

e3aa29f2fd5bde0577c26512d6c2e44174f5eccf3e90c8ad0d56cfac8a9578581576dc211121aeeefc140c0decfe6e8c1dc115b6d86bc6c393899a5ac61faee8
SSDEEP

12288:lOSe1J015+z6oZZdf/zxY5lbV0dR84Q7yLCgsy:4j1y5+z6oLdzxmub8eTs

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.892

Botnet

obama203

Campaign

1663242106

C2

81.131.161.131:2078

217.165.85.223:993

37.210.148.30:995

200.161.62.126:32101

78.100.225.34:2222

119.82.111.158:443

66.181.164.43:443

134.35.13.45:443

193.3.19.37:443

99.232.140.205:2222

197.94.210.133:443

87.243.113.104:995

84.38.133.191:443

14.184.97.67:443

123.240.131.1:443

194.166.207.160:995

78.168.87.170:2222

180.180.131.95:443

41.96.56.224:443

190.44.40.48:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Document.lnk
- Size
  
  1KB
- MD5
  
  12c0d25dc050a8923ca2f177200dc854
- SHA1
  
  8d81f938bc01a8fa1726883422c1ab8184bc62d5
- SHA256
  
  57472b414977bf0a67b0bea79a41ae7d151a2c1e64a185ec9765dde8e889edd4
- SHA512
  
  4135ef7066af727bcfae62c3f24b12dc1873e6d951a5047d91efc4990125beb4010323a9a25f0ec58a73d13f3fd43c7d7155db3f78572ad5cd00ee616f06a503
Score

3^/10
behavioral1 behavioral2
- Target
  
  all/soThink.bat
- Size
  
  44B
- MD5
  
  8513eac12c527c1d00adaae389b7e8f7
- SHA1
  
  1f2e6ab239c14c4f8f4053b9babefaebb52be08c
- SHA256
  
  5cfe33b720b02cb0b2c5f4010a2835954c88f6b4e35a7f5bf62dfa601ad7e232
- SHA512
  
  96a395935ba1af7d8f82e9fd0454c1471302c9dd56d6974e3f895533ca1720c76ffd66abf000b9660ba8eb7e8f79a801356f3c6ecc8d9f4f6660129b53503720
Score

1^/10
behavioral3 behavioral4
- Target
  
  all/thinkThink.db
- Size
  
  639KB
- MD5
  
  fbcdc3164e6fc424ab50d2e13fbaedfd
- SHA1
  
  86946eb7d43c91fc0ae9ecd05f08742b83dac50e
- SHA256
  
  5f6481db54308ef0270dd9a95f200c4d55e603b8eedf7921487edf1c6173b516
- SHA512
  
  5bdfed2dd24e4d1bddbc194a1f4996b69a19c9b754e5e3a90a4df954b3f9486ef0639887485e0e9bd63378ccb356db5f34f66d874452752497aad6e719edb46b
- SSDEEP
  
  12288:GOSe1J015+z6oZZdf/zxY5lbV0dR84Q7yLCgsy:9j1y5+z6oLdzxmub8eTs
Score

10^/10

qakbot obama203 1663242106 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  all/weHave.js
- Size
  
  196B
- MD5
  
  7ba4d2a27ec678f4bbb990d5405191eb
- SHA1
  
  c8291a41346893684317135154c12f3fe69ef1f5
- SHA256
  
  897325b6f7b3ea4571b454befd3f2c3aac8bf60f86d961973c83905df0e2065c
- SHA512
  
  c8c0c3f3368eb90ad3fe41594895aa9e3a530caa3ae1451f812568b9c38434217a981f2a3d193bb69428b8e0c5fe65201cf9528dd5853f4d0ea6d78452ee5497
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8