qakbot | b82edd7205a215c5cce4ee969d9ca9b542771bf7e8764ce5b04f992dcfba9a0b

General

Target

REF#3908.iso
Size

1016KB
Sample

220928-ts4fmahfcn
MD5

c54aa854dd769bdb588ddd9ecdcd907d
SHA1

a30593dda09e529ddfc223cd4c2b5230c2e334eb
SHA256

b82edd7205a215c5cce4ee969d9ca9b542771bf7e8764ce5b04f992dcfba9a0b
SHA512

5d03e5a7f2e084848029b620507481744c35e09992e96cbc403e9f75c18891cea3590261e55c44672ff7c8a3d8cb3bee746115177bdecb5094e88e7702090aaa
SSDEEP

12288:MBLg7I87oCieL1vc1PdFjpmw5qS6xnGWmE/N285UT+QD1lNMA:MBLg7I87o581IFnqnmEl5w9M

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

obama207

Campaign

1664363417

C2

217.165.146.158:993

41.97.179.58:443

86.132.13.49:2078

197.203.50.195:443

85.245.143.94:443

86.196.181.62:2222

102.190.190.242:995

105.184.133.198:995

179.111.23.186:32101

179.251.119.206:995

84.3.85.30:443

39.44.5.104:995

197.41.235.69:995

193.3.19.137:443

186.81.122.168:443

103.173.121.17:443

41.104.80.233:443

102.189.184.12:995

156.199.90.139:443

14.168.180.223:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  REF.lnk
- Size
  
  1KB
- MD5
  
  38fa8e007b5a303f030aec01aaa0a739
- SHA1
  
  6e99bd47908fc110d963c47301f801a498591bce
- SHA256
  
  e800ed724d43fb522c18bdda737c52dab1a55eda7e45577c2564ad33390a3e3b
- SHA512
  
  44426223d563ad3300bc67bcd1e3b8288592b1c14bf4d740ccd3339533bf1191e81f3bc5f4965f6679344e2554d0a28c9aea5be8ea80a87a432339306f7a2c69
Score

3^/10
behavioral1 behavioral2
- Target
  
  gaffes/actualistsMollusk.js
- Size
  
  148B
- MD5
  
  343cb80cd400649c78995faa09e1c9f8
- SHA1
  
  3a3b123c8cb96c45934cb01fee2e434e982f8e16
- SHA256
  
  ed593fb6ac8e3f6d00d4cd5e1086d07943b7783b43346b0cffd51a06fa76b05c
- SHA512
  
  d2604746d9cf5015434683ae7684234a874063dbd61ae907ec033d2ddd598a388cb69e001efc2795be41c641fad61048ee21dde4c7ce39ba0260e1b029f7835a
Score

3^/10
behavioral3 behavioral4
- Target
  
  gaffes/inhibitedScribbly.cmd
- Size
  
  141B
- MD5
  
  aae4931eb4e22686d5e004f52319adda
- SHA1
  
  225693c1e2d397d42dc89a85a00650bdcaeb8861
- SHA256
  
  f6fa267db75f1ca6c819f721466a05204e1cd9e11a82455106bb8784b867d1fc
- SHA512
  
  1f4888b5dcb8143d60722bcf5c95ce38821d29d7219a570d947833db7a4b7bc12abaee0ded3bae5b32b7e50cc431ca27c989380a56da9a6083ae17159880a2de
Score

1^/10
behavioral5 behavioral6
- Target
  
  gaffes/twinkle.db
- Size
  
  695KB
- MD5
  
  44ee81238a82607f711237d670cb88b2
- SHA1
  
  25f4cbc56d9970d837f8ba3059956db4dbe0e1bd
- SHA256
  
  466484398eb25d42b0e0b095f10590a566610447eb212d1dc7f7bd342e89fe5a
- SHA512
  
  19a9b4e79dc7d2752ae4a3f6d71b3ea8e0ee00022b259bf635e0c2f053ede53b5d7c8b217c232d15df299c47d953d026b3f1fc0af6bfb85fb940ba339f4c4385
- SSDEEP
  
  12288:nieL1vc1PdFjpmw5qS6xnGWmE/N285UT+QD1lNMA:i81IFnqnmEl5w9M
Score

10^/10

qakbot obama207 1664363417 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8