qakbot | 74cecacdb53866bd61c658577e1b1cae5e7601334b92661fcee55bbfdd7c61d7

Sharing

Copy URL

Twitter E-mail

General

Target

ST#9382.iso
Size

750KB
Sample

220919-t9yxgahbd2
MD5

935bc666f7e278035fea57f37457eb46
SHA1

505a22be6accb7c466e6f29772af31764b2abc89
SHA256

74cecacdb53866bd61c658577e1b1cae5e7601334b92661fcee55bbfdd7c61d7
SHA512

f3364fd4320a7be5ca73ad27633970826961a0c18399737225f8c8297326066f3ce56f26e72ed268c5b8f1b1b8147b0f7e067838d97d85028db27cf1652e934d
SSDEEP

12288:IR7wAgTQ5KEZywqKNWL5ALmKXuSH4ZzB0T2WevB7nOb4h7j5f8b4o3gdD:IR7FgTQEEwwZNWOLmKz4Zzq2lQ07jt8U

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.894

Botnet

obama205

Campaign

1663572656

41.97.76.61:443

119.82.111.158:443

193.3.19.37:443

70.49.33.200:2222

66.181.164.43:443

109.155.5.164:993

99.232.140.205:2222

78.100.228.93:995

64.207.215.69:443

134.35.13.201:443

86.98.156.218:993

177.255.14.99:995

68.224.229.42:443

190.44.40.48:995

187.205.222.100:443

41.111.77.115:995

196.64.239.93:443

100.1.5.250:995

194.166.205.204:995

88.232.207.24:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  ST.lnk
- Size
  
  1KB
- MD5
  
  ebe6866db9c1b60cb3a3d8aa7e18d176
- SHA1
  
  81c85dc1c5231a6e790fc57e3dc8433bc3fc7961
- SHA256
  
  25476bc501d43ff3935cba41cb8b399fae0ca336f5ebcded09e152cba86dca3a
- SHA512
  
  baa3e0ea9e738db9d781c949e15a2dd3872b154ff16476102ea7806ea60d0daf2d6534f34e514eab74a0f1af84b55b5ad66a297c5d8a5bd03201a4f2ef452bc8
Score

3^/10
behavioral1 behavioral2
- Target
  
  conspicuously/carotene.db
- Size
  
  558KB
- MD5
  
  41991a38d7dc05aaad59d579f98192f5
- SHA1
  
  dc91f35d8e851ad6a93e0cb8e213f7df03507e43
- SHA256
  
  b907a30995face91bcde64f3c423cbc0b024bc320f707e931db09c51a8e8020c
- SHA512
  
  bb3395a322494fcbb6b1bbae9ee6879ab690a4ad4601d2a2ca8f941007bcc04e9b4af2f211a19294a7c04135dbe3e6628a359b70bbe93264feb7ade2da1ddb3a
- SSDEEP
  
  12288:lR7wAgTQ5KEZywqKNWL5ALmKXuSH4ZzB0T2WevB7nOb4h7j:lR7FgTQEEwwZNWOLmKz4Zzq2lQ07j
Score

10^/10

qakbot obama205 1663572656 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  conspicuously/conveysNominates.js
- Size
  
  301B
- MD5
  
  9e15fc65227edee2d301f6d0d591141d
- SHA1
  
  1174a20a34ef94bfbe7cba3328118630be654639
- SHA256
  
  5a61e6c94fbd06571de54768d91dde4a26ae36dc92b557c2a18f34bbebd079ec
- SHA512
  
  f6837c44db27f93996a1307758a6e465d51a4a443ea1b0c3c689145ea92658f70d0e211ea97e20c3596db67f9527b03e655aafb4bece5594e7643f9df112c6a6
Score

3^/10
behavioral5 behavioral6
- Target
  
  conspicuously/unwiseDowdily.cmd
- Size
  
  47B
- MD5
  
  7c399af805e157a6e07c0a200c89a122
- SHA1
  
  c5547c3ec354ce87352c2a7a5411e8f49f419a73
- SHA256
  
  8f9716489e96a96ee46792d38286bc2b1b6e0070064dd19c727d373ea913a2b0
- SHA512
  
  c0815509eb64ea65ae0ed62e90296c78786e2b85595a7f9ac8b62b3deaa0765743fd966d5b3deafe35f96b7c37b55006f9c36cd3cd48262ae301a30ce9d0f1cf
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8