qakbot | b78da1eba668f0abe0da971a07aa5f90a1f7e2e378d7af507d4e4110cac64f11

General

Target

REJ.zip
Size

797KB
Sample

221017-sn1nhacddk
MD5

6187e0f0ec7f9e9952f23e76d8d4bc73
SHA1

6b1198de91b721f88a7840117945135661540e15
SHA256

b78da1eba668f0abe0da971a07aa5f90a1f7e2e378d7af507d4e4110cac64f11
SHA512

947007b12978660edb6c20bb2f251b236f7172e8e3301586174034e5592ae731a7b13f3ff387098d62b5264c6742f5a122ffa1b98b980d20bc8ecd3ec936e776
SSDEEP

24576:Ah61qjM2mn4aKpTsPD1Un/qwJGKjtR2KBxzpeLMCOIC5pb:WhHmn4aKp81wyw8Kj3x/peLxO35F

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.973

Botnet

obama213

Campaign

1665998932

C2

70.173.248.13:443

219.71.108.177:443

206.1.189.186:443

14.246.151.175:443

102.159.77.134:995

200.233.108.153:993

134.35.3.85:443

190.199.186.117:2222

200.155.61.245:995

103.156.237.71:443

176.44.119.153:443

181.56.171.3:995

151.251.50.117:443

163.182.177.80:443

104.202.220.123:443

41.101.92.195:443

190.193.180.228:443

190.204.112.207:2222

41.97.56.102:443

41.69.209.76:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  REJ.lnk
- Size
  
  1KB
- MD5
  
  ee40e21caa8f936641ae47127e862c5b
- SHA1
  
  5a4d014d210f3e3a1ad13ee9cd425cb01fc24943
- SHA256
  
  bd531f46f7c9960f12c50d52f98d3f7cff4e45b865b7c70692743ac7d4ca0864
- SHA512
  
  f2a0dd10fc514caaa32ed30678a9f289c8e5d8351e11efdee2b97baf50cffee406ce427a5a69317e3204a9ef12aab6c61a7fe60bea8bdce91a0876852ea03146
Score

3^/10
behavioral1 behavioral2
- Target
  
  juggles.cmd
- Size
  
  287B
- MD5
  
  efe57aed27c2bbf4838b50159ea2d681
- SHA1
  
  b13e4a69874867d0de66d5fa836bfab2eeee74f6
- SHA256
  
  b86d813aedba63d8d3c2a926790838180adbf941187595cbb0ad6686b8599509
- SHA512
  
  e711875f47f7a4bcbbe2cdea145bdb42dcae4ef303300a8e8bd9991d9b9b85a19c64046daf563d96d3906c526b22ad429d9a6d7060a189eace6e826815a3f62f
Score

1^/10
behavioral3 behavioral4
- Target
  
  sag.dat
- Size
  
  1.6MB
- MD5
  
  73d534a4246265abce8c7fb3971efa7a
- SHA1
  
  4be57bed3bfcf358d17ea77fb3c41eb5f21651c1
- SHA256
  
  d5c09101badefe385972989b017f437a09d417d58a2737be3a2cd0f52083b360
- SHA512
  
  913a2b43639bbed2665b647492ea69515bae99a636dc7104ef726d3ec73ed9c2b89ac2b1dffb1ef347a24880236839f6f3e3586d65a165ee0193e7f0842842a3
- SSDEEP
  
  24576:12gUXd2F9pZ6gGxxuFZ9HpuKt5VIWZypPsHycDizFitRCFvlx1WZXJM5T//82:12gOYNWuFZ9JAEHNWFOWvlD+5M
Score

10^/10

qakbot obama213 1665998932 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1

T1018

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6