qakbot | e8871e0e2d64c2a2cda27d505e489cd85537c1d4a9359ba36b3b2d129e718377

General

Target

e8871e0e2d64c2a2cda27d505e489cd85537c1d4a9359ba36b3b2d129e718377
Size

1.1MB
Sample

220923-g2cytahcej
MD5

e26b95bead80024269c83ea827a9fc43
SHA1

366c91eb7a6f8eaec4d374b4da3437447cb2b613
SHA256

e8871e0e2d64c2a2cda27d505e489cd85537c1d4a9359ba36b3b2d129e718377
SHA512

26833751b3a4ef4aaa1a9a38f3038f22afcd01441038288628dcdd9b23e9aa7a61cd8b0ed9d9caa7ee5799b3b70958ecac84358053e3118ad2dc660dafccb416
SSDEEP

24576:p0hmPu9hXDCXw1ynEjYNAeh4X668JA5w9Mqa:p046RDCA1ydKY

Score

10^/10

qakbot bb 1663698873 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

BB

Campaign

1663698873

C2

173.218.180.91:443

134.35.13.43:443

197.94.84.128:443

70.51.132.197:2222

181.118.183.123:443

189.19.189.222:32101

41.111.1.60:995

70.49.33.200:2222

99.232.140.205:2222

139.228.33.176:2222

193.3.19.37:443

41.99.57.155:443

177.255.14.99:995

31.54.39.153:2078

191.97.234.238:995

105.159.30.48:443

217.165.146.41:993

119.82.111.158:443

66.181.164.43:443

88.245.168.200:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  breezily/registered.db
- Size
  
  849KB
- MD5
  
  e22a4ef15b7c6c9eb884e445cefa2ef9
- SHA1
  
  b9da48940ae7e41de7bc6c0909ab53465d05e3c7
- SHA256
  
  5e5c55c133d644de044f5bcb782b618fd188a1c6ca707298815ab23295fb43c1
- SHA512
  
  3cc653b343d7f972d823e42bda4150c0747f81617b4f795e2724dfa4f0f0f10756fc068feaeedeb69ef7b4bdcd931908c5cfb0f1e8a170925915a771ff1738f8
- SSDEEP
  
  12288:VByskGoWHwa0nZXKlhb/H9TT+iTojfQCA3kptT68JtQrB5UT+QD1lNMABa:SnEjYNAeh4X668JA5w9Mqa
Score

10^/10

qakbot bb 1663698873 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2