qakbot | bbad923f3102f064ecf37d42f8cbbfffc02266c8bd4636f052b7e8ecf5d78d9f

Sharing

Copy URL

Twitter E-mail

General

Target

bbad923f3102f064ecf37d42f8cbbfffc02266c8bd4636f052b7e8ecf5d78d9f
Size

1014KB
Sample

220919-ks5h9ahbh7
MD5

1a9efce93f302df5d769c2994a38f3a6
SHA1

1df1208c81c620f35cfb7f79b47b6ddac5cab438
SHA256

bbad923f3102f064ecf37d42f8cbbfffc02266c8bd4636f052b7e8ecf5d78d9f
SHA512

f7e262dde416d662437299b2cbf14c5a470c75c7fd19842d0e0bf2d2a3295e21c1d279f29ae744441478edeeddc0f7f348e16cbf040df30991f19f4fa5f80ade
SSDEEP

24576:fwadVwjHYHHWHCrwUwvPwewGHHQkg1H5wbgnSA4j5+/gH9YQUoIs95:fwadVwjHYHHWHCrwUwXwewGHHQkg1H5o

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.892

Botnet

obama204

Campaign

1663313119

119.82.111.158:443

134.35.10.207:443

200.161.62.126:32101

70.51.132.197:2222

78.100.228.93:995

78.100.225.34:2222

45.51.148.111:993

186.154.92.181:443

66.181.164.43:443

217.165.85.223:993

70.49.33.200:2222

193.3.19.37:443

41.96.56.224:443

99.232.140.205:2222

88.231.221.198:995

76.169.76.44:2222

68.53.110.74:995

196.64.237.138:443

190.44.40.48:995

72.88.245.71:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Calculation.lnk
- Size
  
  1KB
- MD5
  
  2faf93e37e2149ec7ae5e34d0cd11776
- SHA1
  
  a0c34b74fe1963d7fd087722973597201518f3ef
- SHA256
  
  8deaa2ebfa885a65ee6b444c7ad78fe4929bd43207ffc8294de59f520f056e05
- SHA512
  
  117141c2bf972edf5e27d9de04406c32854285b724ac92071c509efc2b55241b203ce40411af8bfc0afbf2d9b2f5c8222722eb21c520b449dd24e235ad7b415c
Score

3^/10
behavioral1 behavioral2
- Target
  
  look/alsoThere.js
- Size
  
  216B
- MD5
  
  0769476a8d0b51cfe367cfa61de77779
- SHA1
  
  93cf64d74a994fe311fc234e2b3b673665860ecc
- SHA256
  
  3ad606d88ceb522e228027f6b3bc2e614f1fed8ec6d50a435cb96a4ba53daf72
- SHA512
  
  46d98e080f51b0f972ae1d2fd2c28948669e616fed4f4afb7653cc88371f05e93dad2097ebe1f2a092175164ca8e6b9b7b51c69a6be286c9ba80d9681e31cbb6
Score

3^/10
behavioral3 behavioral4
- Target
  
  look/forLook.bat
- Size
  
  40B
- MD5
  
  e1db4cee84ea3e1523a97120a55f8320
- SHA1
  
  10d6450de83ce5f6979744e8d480322ab0492878
- SHA256
  
  31a1c694725a4686449cf63248e5a9e3adbdcd90a6aa80bc6614bf2ecf9d0000
- SHA512
  
  fdfb286b6c2112dfcf010b9130b0055f3481e061a7c0f41cd8bc88a849e30747858913184c7e90bf15a83ceaa3c2038437d6a38f6ba117a2817ee1a064ccd7cf
Score

1^/10
behavioral5 behavioral6
- Target
  
  look/youIn.db
- Size
  
  3KB
- MD5
  
  b83bebd6d4214aaddb333d720a56db15
- SHA1
  
  fe7562e8deb7a4ae47e5183cab2ee6e053a05bc2
- SHA256
  
  d0a3cdc531a3c40b67d9ff093dc96a19db3f5fe52d718468988b67f999b53411
- SHA512
  
  f19788a9417bfb3fed7326e7ff29b690217f354d02912fdf8460f7f0e9a3fe17aeab540f4b014d0996cff22fa9c2aaec73725a50c999f6cefed28d09d6dd2286
Score

1^/10
behavioral7 behavioral8
- Target
  
  more/thisWhich.bat
- Size
  
  44B
- MD5
  
  19fbc10ed6be8a22124544b116dc4613
- SHA1
  
  46b616f72bd8390940f629594f1abc0cbd68b8ce
- SHA256
  
  18ec28c59774203184b5c812d6736285d5b2c93a203a7b006a436cc4535e6a02
- SHA512
  
  1d17a619d84d4d46f82f8175c28c47a828d4923481693216b347bd3d5e7e8c6b5ac7b815c84ca63a8a5646b8a28e30da89fc5f4ee3295d0842e86aeb4848b919
Score

1^/10
behavioral9 behavioral10
- Target
  
  more/whichHe.js
- Size
  
  218B
- MD5
  
  eaef2f279f0182b871e2ab1772b08ee0
- SHA1
  
  79968b132a8b1061c995a855c8f2ebcfbca8b688
- SHA256
  
  f4f5a340a9c6a4b4948e9b335a375219a06d60835aad8ae6ef27c3b7030ad47f
- SHA512
  
  ee75b30e577f8730a14d69fb3dc6fabd91c31d8d86de90596da7388cf8b015115595b447c3046cb6de3dbc448039b2784b381a994b180c00ea4e8d0ac807f405
Score

3^/10
behavioral11 behavioral12
- Target
  
  more/willThing.db
- Size
  
  484KB
- MD5
  
  579a3194390b98e12529d0e1c429994a
- SHA1
  
  5f934ce5e39ca8f34a591067e39c9489f26bf8ad
- SHA256
  
  6e887e8f2f0bc1dcbf1b1fe444bcaf56ca5dcabab3c30bc9a74346e9fcbbf24e
- SHA512
  
  78115fa7e9477577bb02a89955971ec1910b1eb0a5406d981e7d392202ab611dff47dcc6a3fc6ee7ee13faa5081ec5899c9a0f4c66b6057c40ae91624a964004
- SSDEEP
  
  12288:A4/Wg5+3McbgH1yWmG2dOsG8ZoxRZ6s95r:A4j5+/gH9YQUoIs95
Score

10^/10

qakbot obama204 1663313119 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral13 behavioral14

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14