qakbot | 45104d912c3c86218af19238a5baa1d0c22300b51d9f9191af8e66918bdd765f

General

Target

unlatched.db.dll
Size

376KB
Sample

220920-ta2jbadfa5
MD5

27d991cf1ecb8ddaa972fa4aeb03cb8b
SHA1

c1ef9c11b3e5c3bdf5f46709524815136671ad76
SHA256

45104d912c3c86218af19238a5baa1d0c22300b51d9f9191af8e66918bdd765f
SHA512

034438fd017e69300e22b535eafd1c3ec097d0756aab977d5d373a4ad50f19d7fa5df055b586c18ba1e32399dfcd502c5c6165a7e57d7fd723c03c1f49a20e8b
SSDEEP

6144:DT1WOGkH9+qJJHMl3yifLLi0epLihYRl/r82HV9kHpjFWBk3WSc72pQdfPnb4dRG:DsRw9DJpApXQRihGl/ZH8Qg1C

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.894

Botnet

obama206

Campaign

1663660089

C2

119.82.111.158:443

66.181.164.43:443

181.118.183.123:443

88.245.168.200:2222

70.49.33.200:2222

193.3.19.37:443

99.232.140.205:2222

110.4.255.247:443

134.35.9.144:443

89.211.217.38:995

64.207.215.69:443

83.110.219.59:993

197.94.84.128:443

177.255.14.99:995

41.103.226.172:443

109.155.5.164:993

190.44.40.48:995

187.205.222.100:443

41.107.78.223:995

191.97.234.238:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  unlatched.db.dll
- Size
  
  376KB
- MD5
  
  27d991cf1ecb8ddaa972fa4aeb03cb8b
- SHA1
  
  c1ef9c11b3e5c3bdf5f46709524815136671ad76
- SHA256
  
  45104d912c3c86218af19238a5baa1d0c22300b51d9f9191af8e66918bdd765f
- SHA512
  
  034438fd017e69300e22b535eafd1c3ec097d0756aab977d5d373a4ad50f19d7fa5df055b586c18ba1e32399dfcd502c5c6165a7e57d7fd723c03c1f49a20e8b
- SSDEEP
  
  6144:DT1WOGkH9+qJJHMl3yifLLi0epLihYRl/r82HV9kHpjFWBk3WSc72pQdfPnb4dRG:DsRw9DJpApXQRihGl/ZH8Qg1C
Score

10^/10

qakbot obama206 1663660089 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2