qakbot | 0a27ebf898554fd69d06b065519d39588578872a7fc478fdf673d944e1f10d93

Sharing

Copy URL

Twitter E-mail

General

Target

0a27ebf898554fd69d06b065519d39588578872a7fc478fdf673d944e1f10d93
Size

1014KB
Sample

220919-ks235ahbg3
MD5

7781796fca643e7b3aa430585ceea53a
SHA1

982237a7a0050836c61d8d3050726f867eb73d5c
SHA256

0a27ebf898554fd69d06b065519d39588578872a7fc478fdf673d944e1f10d93
SHA512

60007f85f913926fd7760c8e856eac1ec4395c3782cdef7d7d9e0a53c4965e5ee621c0bf870ca14a524520407b46eb90101b582cb5408f1738e6333d440051c2
SSDEEP

24576:EwadVwjHYHHWHCrwUwvPwewGHHQkg1H5wbgnSM4j5+/5H9YQUoIs95:EwadVwjHYHHWHCrwUwXwewGHHQkg1H5T

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.892

Botnet

obama204

Campaign

1663313119

119.82.111.158:443

134.35.10.207:443

200.161.62.126:32101

70.51.132.197:2222

78.100.228.93:995

78.100.225.34:2222

45.51.148.111:993

186.154.92.181:443

66.181.164.43:443

217.165.85.223:993

70.49.33.200:2222

193.3.19.37:443

41.96.56.224:443

99.232.140.205:2222

88.231.221.198:995

76.169.76.44:2222

68.53.110.74:995

196.64.237.138:443

190.44.40.48:995

72.88.245.71:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Calculation.lnk
- Size
  
  1KB
- MD5
  
  dd7c75c4bc50a3426a5d2bc95495c62f
- SHA1
  
  ef3a153e7bd8c2d50a1c3a71a875bd63a6fed556
- SHA256
  
  3beac9add395e035bbd8d739a1a0f006bce3131c1e5f60954137c0e9571e789c
- SHA512
  
  d66dd3aa96476616995c9b437dd6eef98b9ab349222879ebfc49dcf9fd5b7d79bf2b1dc3b81867353f57cf824b3fb05985527d11350d458acade44277a800bad
Score

3^/10
behavioral1 behavioral2
- Target
  
  look/alsoThere.js
- Size
  
  216B
- MD5
  
  0769476a8d0b51cfe367cfa61de77779
- SHA1
  
  93cf64d74a994fe311fc234e2b3b673665860ecc
- SHA256
  
  3ad606d88ceb522e228027f6b3bc2e614f1fed8ec6d50a435cb96a4ba53daf72
- SHA512
  
  46d98e080f51b0f972ae1d2fd2c28948669e616fed4f4afb7653cc88371f05e93dad2097ebe1f2a092175164ca8e6b9b7b51c69a6be286c9ba80d9681e31cbb6
Score

3^/10
behavioral3 behavioral4
- Target
  
  look/forLook.bat
- Size
  
  40B
- MD5
  
  e1db4cee84ea3e1523a97120a55f8320
- SHA1
  
  10d6450de83ce5f6979744e8d480322ab0492878
- SHA256
  
  31a1c694725a4686449cf63248e5a9e3adbdcd90a6aa80bc6614bf2ecf9d0000
- SHA512
  
  fdfb286b6c2112dfcf010b9130b0055f3481e061a7c0f41cd8bc88a849e30747858913184c7e90bf15a83ceaa3c2038437d6a38f6ba117a2817ee1a064ccd7cf
Score

1^/10
behavioral5 behavioral6
- Target
  
  look/youIn.db
- Size
  
  3KB
- MD5
  
  b83bebd6d4214aaddb333d720a56db15
- SHA1
  
  fe7562e8deb7a4ae47e5183cab2ee6e053a05bc2
- SHA256
  
  d0a3cdc531a3c40b67d9ff093dc96a19db3f5fe52d718468988b67f999b53411
- SHA512
  
  f19788a9417bfb3fed7326e7ff29b690217f354d02912fdf8460f7f0e9a3fe17aeab540f4b014d0996cff22fa9c2aaec73725a50c999f6cefed28d09d6dd2286
Score

1^/10
behavioral7 behavioral8
- Target
  
  more/nowUp.js
- Size
  
  218B
- MD5
  
  83a12bb52e0808fe520d1d5df455e6f1
- SHA1
  
  58626291cc37efc9126d3b77f783572066158c16
- SHA256
  
  feee9f805af5006c8ae41af2ddbae1757d24bf5dcecc44be649a563cfc548b39
- SHA512
  
  b2aef47bd56dca1f5a34b42e1b429e2672ca033ec61eca9ca4f914a32abb7e9b31ec62bdbaae8a1f42fb20de5128d4193e68f4a0ebd721d1ca93471c18df1d72
Score

3^/10
behavioral9 behavioral10
- Target
  
  more/whatThere.bat
- Size
  
  43B
- MD5
  
  0e1a26d2dcd76b5f8bf70f3dafc9dae0
- SHA1
  
  01f6f73782940fd8c30b4ee6966290217a6892c0
- SHA256
  
  89dea2b05fe82da395830d7c83abc6795cf022a234824c653d6e2dc72079dd2c
- SHA512
  
  56d0742c1387438947aa80d5bec30cd227a9295d9d0d13785b5e1d172dda034a18f450bb8e7152a08f14335eb7eb3463ec603bae0d40efcc95568f09b7430c33
Score

1^/10
behavioral11 behavioral12
- Target
  
  more/wouldDay.db
- Size
  
  484KB
- MD5
  
  af4cbaadd04245f0b369e0d8ef70b1e9
- SHA1
  
  716929571dce5392ab807e245c173e7db3958c14
- SHA256
  
  99c6a890e51789f07a0e1f8d626e60ee5b4cb2eaf91ece3b5d0b13f21ea07cee
- SHA512
  
  7110a1187c68be37d7a4e8745983f18fbed87a5301facaefde6b32e4bfafe9e7c00596151f18b29e1d8bb75a6ab9490f4508a94e8aacf85308ee18f22f829ccc
- SSDEEP
  
  12288:A4/Wg5+3Mcb5H1yWmG2dOsG8ZoxRZ6s95r:A4j5+/5H9YQUoIs95
Score

10^/10

qakbot obama204 1663313119 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral13 behavioral14

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14