qakbot | 5da419dfaf4641d6e81507fad0737895f52ac08abb4dcf1ea50dd60133963799

Sharing

Copy URL

Twitter E-mail

General

Target

Claim_Copy_3984.iso
Size

798KB
Sample

220920-tagh5shbfj
MD5

9f665545060568e4b7facdd639132ff3
SHA1

4a61ec612915b077ec97544611776a6b084476b2
SHA256

5da419dfaf4641d6e81507fad0737895f52ac08abb4dcf1ea50dd60133963799
SHA512

164a8759102b8d542c7150c91b4e62bc1e85db4d0e07fe548d9647943832d4ef57a3473014d7d9043b6c4ecd836759c34a4936695ffc94bacd12fac07084ca06
SSDEEP

12288:7jmIay70uFIIET/CHsRw9DJpApXQRihGl/ZH8Qg1C:7jmIay71XczRw9DvOAlleQwC

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.894

Botnet

obama206

Campaign

1663660089

119.82.111.158:443

66.181.164.43:443

181.118.183.123:443

88.245.168.200:2222

70.49.33.200:2222

193.3.19.37:443

99.232.140.205:2222

110.4.255.247:443

134.35.9.144:443

89.211.217.38:995

64.207.215.69:443

83.110.219.59:993

197.94.84.128:443

177.255.14.99:995

41.103.226.172:443

109.155.5.164:993

190.44.40.48:995

187.205.222.100:443

41.107.78.223:995

191.97.234.238:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Claim_Copy.lnk
- Size
  
  1KB
- MD5
  
  6f212331b1bfde2ae358edc047af6596
- SHA1
  
  d309c9ad7917e16e353a525fa870a6a7e5d58756
- SHA256
  
  649b699dbe141707765cfbba6386ebd1301121b9ceb3a086183e1f774cd79781
- SHA512
  
  c75797ff93b635ab01b501c282cb55015163d42436cb3d2ac5bbe7ace7fae52f683a4ff04fab580d00ac064d61a3e7a33b6bba37504d8ba3debe6d6097540acd
Score

3^/10
behavioral1 behavioral2
- Target
  
  fathomed/conicColleens.js
- Size
  
  212B
- MD5
  
  a2daafb1de5131cfeab3e523c7d688d2
- SHA1
  
  926fa6434a47aed53c4bebf1b55beae7d59204e9
- SHA256
  
  ff5497c9efa17ac4549d985306caa5e753b3c063f1015c32e011fb8cf0b1bf24
- SHA512
  
  e46152b1c954fadc464056fe5a5f1ac6a0ed77f9ea8bc216a15c2586d75cd55e4bb62fafb8695e6b56fa59e1e07d5aa2daaf98fdb902b9351c93730dfefcdd52
Score

3^/10
behavioral3 behavioral4
- Target
  
  fathomed/stationeryMature.cmd
- Size
  
  197B
- MD5
  
  59b9db51cd4f9af6dae9df632179eafc
- SHA1
  
  c9d5536ca1e4655982904ade765b012794693091
- SHA256
  
  b913391003b921a65fe7d4d452614c5ff61487c3eee39d5d9c08c1e581fc466a
- SHA512
  
  4fae7d537ca64e929732950f5c1b7497ea8ed199409f8e9407ba22ca486e346d7cc5e9052a12fa3628e0d6684657774f8e06ccda8f3ca32d6f5b7e53fedf8b65
Score

1^/10
behavioral5 behavioral6
- Target
  
  fathomed/unlatched.db
- Size
  
  376KB
- MD5
  
  27d991cf1ecb8ddaa972fa4aeb03cb8b
- SHA1
  
  c1ef9c11b3e5c3bdf5f46709524815136671ad76
- SHA256
  
  45104d912c3c86218af19238a5baa1d0c22300b51d9f9191af8e66918bdd765f
- SHA512
  
  034438fd017e69300e22b535eafd1c3ec097d0756aab977d5d373a4ad50f19d7fa5df055b586c18ba1e32399dfcd502c5c6165a7e57d7fd723c03c1f49a20e8b
- SSDEEP
  
  6144:DT1WOGkH9+qJJHMl3yifLLi0epLihYRl/r82HV9kHpjFWBk3WSc72pQdfPnb4dRG:DsRw9DJpApXQRihGl/ZH8Qg1C
Score

10^/10

qakbot obama206 1663660089 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8