qakbot | 465c9a01d7776e91e02cbbbdfde15929c6b4cdb92a1e8a10c35867e69d2eeaab

General

Target

0x0006000000016289-57.iso
Size

716KB
Sample

220916-janbksehg9
MD5

cf79392d9419b7e5856041f070891fec
SHA1

8594fdf0c18c682b2c731a8c7a08dd3b956b23ce
SHA256

465c9a01d7776e91e02cbbbdfde15929c6b4cdb92a1e8a10c35867e69d2eeaab
SHA512

6af62aff19d93d3c3626f5bc21a97575f1486c8993f14be65e28723bf9ee3c20d2fe0a0bad88cce76c0a945cfe78a7b10b8c385eeec97b5bfe2f67bdc7bd912e
SSDEEP

12288:ROSe1J015+z6oZZdf/zxY5lbVydR84Q7yLCgsy:kj1y5+z6oLdzxmQb8eTs

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.892

Botnet

obama203

Campaign

1663242106

C2

81.131.161.131:2078

217.165.85.223:993

37.210.148.30:995

200.161.62.126:32101

78.100.225.34:2222

119.82.111.158:443

66.181.164.43:443

134.35.13.45:443

193.3.19.37:443

99.232.140.205:2222

197.94.210.133:443

87.243.113.104:995

84.38.133.191:443

14.184.97.67:443

123.240.131.1:443

194.166.207.160:995

78.168.87.170:2222

180.180.131.95:443

41.96.56.224:443

190.44.40.48:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Document.lnk
- Size
  
  1KB
- MD5
  
  84e2ca4659fa0524fe86f5088060da5d
- SHA1
  
  ba32f14b9c0aa1642e9f1370285f83f32f6d02c7
- SHA256
  
  c28f912dfe00eb45bf4e91d7812761b30ecbd06c3cc851e8e40626f39abb7f57
- SHA512
  
  38a8a0e3582af87eeff9fd61f6b5ccf5d49eda201ec80b159d3dd53f563f38efd39bfe0f31392d180ddbb923433b22934372cede23caafd7125256c36ea8231f
Score

3^/10
behavioral1 behavioral2
- Target
  
  all/twoWant.db
- Size
  
  639KB
- MD5
  
  bd78eeb7007f2a6681986ad618b4c82b
- SHA1
  
  62433dfefda169dfca16b250ea3b6283a2f91cf7
- SHA256
  
  9f6b385e5808d0b4fc9a77008fe89beedd72827cc61ccf2035b3c2d8374cc6ac
- SHA512
  
  7fa5e8dc6eb129825071197d046bb6985d29951cabbd0110a3690cdfb46361cf1f4e1ce5f69be803b2aa84129da6e6d39251a39704e97be6585b6b59065267cd
- SSDEEP
  
  12288:GOSe1J015+z6oZZdf/zxY5lbVydR84Q7yLCgsy:9j1y5+z6oLdzxmQb8eTs
Score

10^/10

qakbot obama203 1663242106 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  all/wantOne.js
- Size
  
  196B
- MD5
  
  c0248431db913e4969332348856f8c69
- SHA1
  
  5c17a72e463c98de86d3fd38566c633ab79249f2
- SHA256
  
  e84d357ac7ce085e072e9f4ac3a0f6787cb6c5faad6eb02fe7348d68718605f6
- SHA512
  
  e69191201db73181ca81fb62c8ec3cea3a43b0c930531b7754ef0a72ba785b2576a451065886d1caec0199cdde01f5543483c4d014e2054f5cfafbe5fca4ae80
Score

3^/10
behavioral5 behavioral6
- Target
  
  all/whoTake.bat
- Size
  
  41B
- MD5
  
  40cec26409ae7d8d6626e72007d03e34
- SHA1
  
  d56a7ebc903a081cf33e39d60d0264ae2bf63f76
- SHA256
  
  d99f3bdfd6eca475d9ee77fc3727daa0c0a3be61070d285eb291d5dcfbf8f8fb
- SHA512
  
  15f5308b3843322fea311f5f0dcef0074a2eeeada8ebf3431d33b1bd2ca7dc5e32830e61f0249d3a3b94f5dac0bd08dc8ecb9a4e023e58bb8c48e2fa797e4824
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8