qakbot | e2b57121e017b1fea3a3cea65d0d72752ff3993a0981af18a1b765e2cef1c94b

Sharing

Copy URL

Twitter E-mail

General

Target

e2b57121e017b1fea3a3cea65d0d72752ff3993a0981af18a1b765e2cef1c94b
Size

1014KB
Sample

220921-meszeabfem
MD5

efe09a0b950dd6f29a411cf2e33c5cf6
SHA1

f33a243606b99ebcea841feb0d91c4ae6b95272c
SHA256

e2b57121e017b1fea3a3cea65d0d72752ff3993a0981af18a1b765e2cef1c94b
SHA512

009ec37ac9941985c995c994ab0ddb0ba63854ea752ac9ce9cf8d191196209144fbaf12298d3c7d23040b9116c98e4facd705f896c17472020465a02e2e37cc3
SSDEEP

24576:EwadVwjHYHHWHCrwUwvPwewGHHQkg1H5wbgnS24j5+/2H9YQUoIs95:EwadVwjHYHHWHCrwUwXwewGHHQkg1H5E

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.892

Botnet

obama204

Campaign

1663313119

119.82.111.158:443

134.35.10.207:443

200.161.62.126:32101

70.51.132.197:2222

78.100.228.93:995

78.100.225.34:2222

45.51.148.111:993

186.154.92.181:443

66.181.164.43:443

217.165.85.223:993

70.49.33.200:2222

193.3.19.37:443

41.96.56.224:443

99.232.140.205:2222

88.231.221.198:995

76.169.76.44:2222

68.53.110.74:995

196.64.237.138:443

190.44.40.48:995

72.88.245.71:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Calculation.lnk
- Size
  
  1KB
- MD5
  
  c5fcb4868f3731290d1f459a88f51818
- SHA1
  
  ef26c48a1c1e47c243f4721eae81596e41c5cffa
- SHA256
  
  16f3dc6ae384410ccb680ef22d1afd78c9620f20e1b5b563c5c01eb18aede36b
- SHA512
  
  26d5251102cda61b25684a236b5900523321f9a20ac9d336a90c85163af54d27f0f4e46a9f32a22dfc145e6d7a53ace038b90e42abee7015971dccbf0d3a6a4a
Score

3^/10
behavioral1 behavioral2
- Target
  
  look/alsoThere.js
- Size
  
  216B
- MD5
  
  0769476a8d0b51cfe367cfa61de77779
- SHA1
  
  93cf64d74a994fe311fc234e2b3b673665860ecc
- SHA256
  
  3ad606d88ceb522e228027f6b3bc2e614f1fed8ec6d50a435cb96a4ba53daf72
- SHA512
  
  46d98e080f51b0f972ae1d2fd2c28948669e616fed4f4afb7653cc88371f05e93dad2097ebe1f2a092175164ca8e6b9b7b51c69a6be286c9ba80d9681e31cbb6
Score

3^/10
behavioral3 behavioral4
- Target
  
  look/forLook.bat
- Size
  
  40B
- MD5
  
  e1db4cee84ea3e1523a97120a55f8320
- SHA1
  
  10d6450de83ce5f6979744e8d480322ab0492878
- SHA256
  
  31a1c694725a4686449cf63248e5a9e3adbdcd90a6aa80bc6614bf2ecf9d0000
- SHA512
  
  fdfb286b6c2112dfcf010b9130b0055f3481e061a7c0f41cd8bc88a849e30747858913184c7e90bf15a83ceaa3c2038437d6a38f6ba117a2817ee1a064ccd7cf
Score

1^/10
behavioral5 behavioral6
- Target
  
  look/youIn.db
- Size
  
  3KB
- MD5
  
  b83bebd6d4214aaddb333d720a56db15
- SHA1
  
  fe7562e8deb7a4ae47e5183cab2ee6e053a05bc2
- SHA256
  
  d0a3cdc531a3c40b67d9ff093dc96a19db3f5fe52d718468988b67f999b53411
- SHA512
  
  f19788a9417bfb3fed7326e7ff29b690217f354d02912fdf8460f7f0e9a3fe17aeab540f4b014d0996cff22fa9c2aaec73725a50c999f6cefed28d09d6dd2286
Score

1^/10
behavioral7 behavioral8
- Target
  
  more/asOr.js
- Size
  
  217B
- MD5
  
  a968bd959f44b2fae5e16314b927a178
- SHA1
  
  18723a7f14d0050cb3841b9b973e4a8c33ddcfd2
- SHA256
  
  f835a6a48b29965655df5f187f8e2938de9398b7d2885584e4bcc43537f29091
- SHA512
  
  ee4ad02d36efdee0c43807089e25743051480db3eaa9c1946b2040b3ac522b8f3fe4690a9429de39048248733aa0c057bf47d59c23723c0030faf3194c7fe80f
Score

3^/10
behavioral9 behavioral10
- Target
  
  more/knowYour.bat
- Size
  
  40B
- MD5
  
  d4c613e20c77b30f8c7ca7cb20b352c4
- SHA1
  
  fff6cf16f72e7cac7b3910d4756e205c58ee1821
- SHA256
  
  8f37edd64e2338f75b97b5ee933f63d1eb12877cdc4a1343abbb9d146fbd2374
- SHA512
  
  d24cd84e2f9f5b83c2a68fbd38a2f69c7044af551f4d6aadd8718094a058a36a23206b150e17099e95f75f6b516eb10e9dfa3d5f7b30620f7ff8cdccec349cb6
Score

1^/10
behavioral11 behavioral12
- Target
  
  more/weNot.db
- Size
  
  484KB
- MD5
  
  b59639b2dc497a55e4c2c0cc2f71684e
- SHA1
  
  474302cffc8f04468e81c5bd53531ad160dde659
- SHA256
  
  7768f5c77fd87836f3b627bd0df72fbf5288f77e3ea538f699d431c720132777
- SHA512
  
  8beb6e66515263f3f57da2dd3212f135f322f73dd7fc15fb432646b74c750cd83219fd808d532d26e94f60cdd1ad970988819dbe8e974bc4c7195e3c85478773
- SSDEEP
  
  12288:A4/Wg5+3Mcb2H1yWmG2dOsG8ZoxRZ6s95r:A4j5+/2H9YQUoIs95
Score

10^/10

qakbot obama204 1663313119 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral13 behavioral14

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14