qakbot | f86130f5db481a165a9a20aeaf00c3efd66db7f52f7c9ef2efada96ee74f4913

General

Target

Document#207884.iso
Size

716KB
Sample

221006-pms1gshda2
MD5

168c5cbb72c607c4bf81afe2c9628d5e
SHA1

c66636b6edda64524b365606ecc1209e386b389b
SHA256

f86130f5db481a165a9a20aeaf00c3efd66db7f52f7c9ef2efada96ee74f4913
SHA512

9498992d39b610919d72bb4ecdc0b7a0babec8f1350c0fc92ebca2e9d471b7726ce7c193848265643d485442bcb73d84310b45327f802bbf7d2a037b8beccfbf
SSDEEP

12288:YOSe1J015+z6oZZdf/zxY5lbVPdR84Q7yLCgsy:Lj1y5+z6oLdzxmxb8eTs

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.892

Botnet

obama203

Campaign

1663242106

C2

81.131.161.131:2078

217.165.85.223:993

37.210.148.30:995

200.161.62.126:32101

78.100.225.34:2222

119.82.111.158:443

66.181.164.43:443

134.35.13.45:443

193.3.19.37:443

99.232.140.205:2222

197.94.210.133:443

87.243.113.104:995

84.38.133.191:443

14.184.97.67:443

123.240.131.1:443

194.166.207.160:995

78.168.87.170:2222

180.180.131.95:443

41.96.56.224:443

190.44.40.48:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Document.lnk
- Size
  
  1KB
- MD5
  
  f2c9190770432253163a889e5a46888d
- SHA1
  
  2405b9da4e14cae91bc5283286e5eab68a23b1c0
- SHA256
  
  84de4d7457a8cc16b1af1f90beb7e3e47ab0538887d3768e1f259af2dbcef693
- SHA512
  
  136252fb9315429c74539eb78209e5abbf9ecbb9624bbaba1caab693cb889eaf669f8bd805b2f77e88c6b0cda75f4008feb44037f7b1289ab1cac03486220372
Score

3^/10
behavioral1 behavioral2
- Target
  
  all/couldThan.db
- Size
  
  639KB
- MD5
  
  b337bfa0ed468a0f7b840352a823050e
- SHA1
  
  b6224af6034089b45b34c9b5f957507d605e44b8
- SHA256
  
  aecf846f3ef15c42d7e20ee9fd7e3f93f5f4866db9c99f25f5fc8cc653d04c04
- SHA512
  
  a4c5daecaba6aa1dfdbf7dc634f5a05182faa1c098b01e2672fc34cba9987a4e3b8d772cac4d8d4a6457bbed45eb798de8efccae97adc3c507b3c50bbbd6a52e
- SSDEEP
  
  12288:GOSe1J015+z6oZZdf/zxY5lbVPdR84Q7yLCgsy:9j1y5+z6oLdzxmxb8eTs
Score

10^/10

qakbot obama203 1663242106 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  all/firstGo.js
- Size
  
  196B
- MD5
  
  26bea4e426b2b0d43a90a918b9e52d44
- SHA1
  
  01488628c03d08804447e89b3977d7234abe5f01
- SHA256
  
  8aa17fe5f84ae9963da496d1a5427b9850cdcc7838da44693fb8c7de24817eeb
- SHA512
  
  356dc83bdf63e1a09719268590b46eb7a3d2985eb4f513d71031183887d4813f592977e33fb9f055240de9200acda92cd7c0d476c5f019f03dbb9e56b55c00e1
Score

3^/10
behavioral5 behavioral6
- Target
  
  all/getYear.bat
- Size
  
  43B
- MD5
  
  0fee05f4537f30bfea0352692e74adcf
- SHA1
  
  235c7c782c4bea037c0d06860b727cafb6872d69
- SHA256
  
  43d85095df169a4c34f030c156764d3845da5b5fe0b020f64268ba36e98d1736
- SHA512
  
  c2caa5f7b5fe8ba680aff6714c4212b1dc6c505ae03660848bcc42e508538abcea3872abaa6cd792c2e934b5166dee1e16acb5ab9c44d457ccf18e97f2022b26
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8