qakbot | 3879da0449c26d57425403ae90cd0d2065b974c1c791d974a9bbd0779f9a68ee

General

Target

norfolk.db.dll
Size

376KB
Sample

220921-t24sragfg7
MD5

482a3d7a420b96a86c7cba3e05b5670b
SHA1

ddc91ac456724770d5cb58ea9f0762f81a295487
SHA256

3879da0449c26d57425403ae90cd0d2065b974c1c791d974a9bbd0779f9a68ee
SHA512

1ce6a340d95dabfc158f721ad7952102ff6670009ac7823abfd21d352d390b4e94a5999df57abee730e6cacb7923dc650f46990ed24ce0c5b6a8212c6ff52826
SSDEEP

6144:DT1WOGkH9+qJJHMl3yifLLi0epLihYRl/r82HV9kHpjFWBk3WScE2pQdfPnb4dRG:DsRw9DJpApXQRihGl/Zg8Qg1C

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.894

Botnet

obama206

Campaign

1663660089

C2

119.82.111.158:443

66.181.164.43:443

181.118.183.123:443

88.245.168.200:2222

70.49.33.200:2222

193.3.19.37:443

99.232.140.205:2222

110.4.255.247:443

134.35.9.144:443

89.211.217.38:995

64.207.215.69:443

83.110.219.59:993

197.94.84.128:443

177.255.14.99:995

41.103.226.172:443

109.155.5.164:993

190.44.40.48:995

187.205.222.100:443

41.107.78.223:995

191.97.234.238:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  norfolk.db.dll
- Size
  
  376KB
- MD5
  
  482a3d7a420b96a86c7cba3e05b5670b
- SHA1
  
  ddc91ac456724770d5cb58ea9f0762f81a295487
- SHA256
  
  3879da0449c26d57425403ae90cd0d2065b974c1c791d974a9bbd0779f9a68ee
- SHA512
  
  1ce6a340d95dabfc158f721ad7952102ff6670009ac7823abfd21d352d390b4e94a5999df57abee730e6cacb7923dc650f46990ed24ce0c5b6a8212c6ff52826
- SSDEEP
  
  6144:DT1WOGkH9+qJJHMl3yifLLi0epLihYRl/r82HV9kHpjFWBk3WScE2pQdfPnb4dRG:DsRw9DJpApXQRihGl/Zg8Qg1C
Score

10^/10

qakbot obama206 1663660089 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2