qakbot | 6da0c53a3f520cde23dc4e0b9489be9d6d147834710fd819031edd89a25208ac

General

Target

Document#150853(Sep15).zip
Size

367KB
Sample

220915-yse59aeaa3
MD5

bd070cc8ba1f45286c8c09c9bca920d1
SHA1

e56355d32bcdbbd4a372e097cdba90478ea306fe
SHA256

6da0c53a3f520cde23dc4e0b9489be9d6d147834710fd819031edd89a25208ac
SHA512

ff55aa44ffc983ef348328f481518c53d41872b01f74015ccaed14e0b6af74f46999b7fd6f9e92c059c1d5b4037d6f47cb295afe3a73ceb26b12fb1e1614c14c
SSDEEP

6144:VJ2unn+b0nE2nROQEdHsCr+sD7iCC4HnKu+PKS/F3GC4VAOcnH8QIe7TDpswK1cL:VT+Qnfn1Ex+sDVC4H+PfQfAOcHnIe7Tn

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.892

Botnet

obama203

Campaign

1663242106

C2

81.131.161.131:2078

217.165.85.223:993

37.210.148.30:995

200.161.62.126:32101

78.100.225.34:2222

119.82.111.158:443

66.181.164.43:443

134.35.13.45:443

193.3.19.37:443

99.232.140.205:2222

197.94.210.133:443

87.243.113.104:995

84.38.133.191:443

14.184.97.67:443

123.240.131.1:443

194.166.207.160:995

78.168.87.170:2222

180.180.131.95:443

41.96.56.224:443

190.44.40.48:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Document.lnk
- Size
  
  1KB
- MD5
  
  cee480b77c7665c582fe6c24b34b9ade
- SHA1
  
  44e3006193a226baa2471902da1f196700488254
- SHA256
  
  31497ab051e311572fef879eb9105d234a2875a2e82c6534a973543e23bf746b
- SHA512
  
  cb73d89106436a54718e4313322873213c8eb17a0573d8d1b897dbd86d38a440a9124b7bb4b092196e8c42dd50756f19519b666e4e9a4647d38a4212d267b074
Score

3^/10
behavioral1 behavioral2
- Target
  
  all/andFirst.js
- Size
  
  196B
- MD5
  
  9b60fe8d1bb21283c65cd84ac32ff2ad
- SHA1
  
  df3053be1e4f8c232c67e2402fdb4933b25e6852
- SHA256
  
  affec285dc3e98380b5ad291a1d40816dfe63307ac4a948f0906fd2148db7af4
- SHA512
  
  526036b3de685b600d2f1c9f22c58a7e96c3451ce8626425747ef7c7a06d6de3710ba702d6ce89263663f588e071d8ffb300796d9bf8c39319c38eb3ed01b04e
Score

3^/10
behavioral3 behavioral4
- Target
  
  all/beHow.db
- Size
  
  639KB
- MD5
  
  0a1523d16113828db5a0a5c78cedfa82
- SHA1
  
  80cfffec62a398678e47759191bd320be8052fdd
- SHA256
  
  7ea86e29bf605b4fcf77c3430f39ec8635a03b5f1ed33881cd3b0f5c578d65c9
- SHA512
  
  3a81960d3370e07f9a08a7a93b233cc00e205124d9738c84e20915cd4107e3b5b7fab0d0fe26345fceca43b5a43ae2c4130e39938dd6e0d6a881f4a3389766e8
- SSDEEP
  
  12288:GOSe1J015+z6oZZdf/zxY5lbVQdR84Q7yLCgsy:9j1y5+z6oLdzxmKb8eTs
Score

10^/10

qakbot obama203 1663242106 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  all/howGive.bat
- Size
  
  39B
- MD5
  
  1cd55dad2ea12c0e2025989f79db7691
- SHA1
  
  55a594c14079c72ce9d81419fc0224ad454eadd3
- SHA256
  
  1f7ca89c05a96be4dbb19ca894557df62b1f74583eacda95867b76f1785bda1a
- SHA512
  
  6f4aa74bf6adc70ed5c22f62e81f50431ccf8dc432012523026d2c173ea9d64c5ff5bfc87085788f6640253a2f2bae85c6d31ef08a00841121f58ae0c81a281f
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8