qakbot | 571223ae7a44916fb588d36f01183b8798aa5d6800afb392b7de95fab70a3f03

Sharing

Copy URL

Twitter E-mail

General

Target

Claim_Copy_2259.iso
Size

798KB
Sample

220920-w9awrahgcn
MD5

53944f2aeea083db5a93fc53052029ff
SHA1

e83bdce318f0791910816235e1ee2dc06aaf8df8
SHA256

571223ae7a44916fb588d36f01183b8798aa5d6800afb392b7de95fab70a3f03
SHA512

e74582ce5d3b5624e28f3bb28c7ef906729bbd55c15d5b3bb08589aa4a281e16873405cab14e8c9ab90993087e120b4f12760dd11758c12d663531106931f9c2
SSDEEP

12288:ejmIay70uFIkET/CgsRw9DJpApXQRihGl/Zk8Qg1C:ejmIay71jcYRw9DvOAllFQwC

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.894

Botnet

obama206

Campaign

1663660089

119.82.111.158:443

66.181.164.43:443

181.118.183.123:443

88.245.168.200:2222

70.49.33.200:2222

193.3.19.37:443

99.232.140.205:2222

110.4.255.247:443

134.35.9.144:443

89.211.217.38:995

64.207.215.69:443

83.110.219.59:993

197.94.84.128:443

177.255.14.99:995

41.103.226.172:443

109.155.5.164:993

190.44.40.48:995

187.205.222.100:443

41.107.78.223:995

191.97.234.238:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Claim_Copy.lnk
- Size
  
  1KB
- MD5
  
  fd8d5ddae2e716647f85eec30a0d18fa
- SHA1
  
  d5a831851f5c8c7fa8d073cf9a2e19b8369a493f
- SHA256
  
  23fec27cea552e6731dcacb859af2894800e2d68d144731a5c70b14c257f7b68
- SHA512
  
  f86e4a8dd3619814595d1d0fc2a49073a21d76bf3bee6956346d5ccdddecd5cdc6e2a5a8b9b8752806942a720f0806d487dde3d89e93b874a83a6bb9ba221d23
Score

3^/10
behavioral1 behavioral2
- Target
  
  fathomed/beaujolaisTraditionalized.js
- Size
  
  189B
- MD5
  
  4d43cb5f26c85422173ab520cd403cce
- SHA1
  
  d44be1685e9bcda7a5a22a3fd3de127152121af6
- SHA256
  
  3cb43ba70696688a381574d12564c1440566daa58cd026103a564cb754ecc785
- SHA512
  
  09d540f61fde812db7817c3f347c70a501d45440db849d59a892072c9be8b470ed0be4a5a2a35db85e4fd6fbf5a7084581cdd7e723d7501c3625415ae67bd651
Score

3^/10
behavioral3 behavioral4
- Target
  
  fathomed/polarizedFlowerpots.cmd
- Size
  
  155B
- MD5
  
  1967f0a54a075d5e65b21d90898aa358
- SHA1
  
  0166704142df570b4807eeb534eb02d20bfc023b
- SHA256
  
  97da78c5a5627656024a80202c0d177c01320192e9273faa04a8676e0229a375
- SHA512
  
  f065bfc9794c75410aa72ba4fea0075fc92b333753f84824f9aa6bc5e89ab2c11a9c23190a315ea39821fa45afe108ba21fc0026ebc4b98cc984d46235d49c48
Score

1^/10
behavioral5 behavioral6
- Target
  
  fathomed/sausage.db
- Size
  
  376KB
- MD5
  
  40945c56e36ac01e17593eaf1653e08b
- SHA1
  
  2034508ded03cb2550dda3f9823b73f083aa1ee9
- SHA256
  
  14f1fb2d9cae7bb14048ee594d92bdbbba010ffcd43b73201864f87d1c8343af
- SHA512
  
  ec62579717da170c43082cc9185c2dca43f6ec34d54cc47d7e855e2072f09fa985341dfe19f686f5c026655bf97cef0c9bfd07f7fb93da963d1440dde2b01ab4
- SSDEEP
  
  6144:DT1WOGkH9+qJJHMl3yifLLi0epLihYRl/r82HV9kHpjFWBk3WScg2pQdfPnb4dRG:DsRw9DJpApXQRihGl/Zk8Qg1C
Score

10^/10

qakbot obama206 1663660089 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8