qakbot | 63602593837d285bb5b3d8d3d9a67204e75861b623afc93e7f7dbeeb297f9a47

General

Target

1.zip
Size

422KB
Sample

221121-ye4xfseb48
MD5

d12081388f749c35f5e9054faa85dd0e
SHA1

a7ac635fbb399df85df09f13bc25a90e823342ff
SHA256

63602593837d285bb5b3d8d3d9a67204e75861b623afc93e7f7dbeeb297f9a47
SHA512

c7824fa785c411cc61984cc77c6c1e97724ead73c260f933b67a24281daa8a3320384a8476286c5cfdc7189a5cb339fa6b1703ba394a1967198a75762597a757
SSDEEP

6144:kESXCVGEgWd7N3YDjnOFleqex4YD+iXE299U5DhS/ryXNMet7Up5Kp+Xk6dP7wX:2XKGEgcWvhqkXNUdMMNMsUp526Pw

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.27

Botnet

obama221

Campaign

1667915095

C2

199.83.165.233:443

24.142.218.202:443

79.166.120.168:995

92.24.200.226:995

151.32.168.124:443

72.88.245.71:443

46.229.194.17:443

142.119.40.220:2222

177.205.114.49:2222

174.104.184.149:443

86.167.26.227:2222

94.15.58.251:443

82.155.111.187:443

2.84.98.228:2222

69.133.162.35:443

92.189.214.236:2222

190.74.23.139:443

47.34.30.133:443

80.103.77.44:2222

82.34.170.37:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  1/control.exe
- Size
  
  146KB
- MD5
  
  ebc29aa32c57a54018089cfc9cacafe8
- SHA1
  
  0ac68652f6b5022d9e6d1edda5995efb253b984b
- SHA256
  
  9799c9bf478bde688a8dd2096290d03af2ba059d718c2e5e36e500a005902bdc
- SHA512
  
  af2cd9f3db78bd843ff3953ec0b6f2c519a6636d4ee78f74fbf5225dfe2b4e7c533613cc4d7cef154da40d326e5fb0969e298ab110b34e63aefecea3f1d8a1ac
- SSDEEP
  
  3072:7yjxDJHjUfMeC2l7tq7Sp5+1k12b/Af885RK:+t9HLQ747+5+1kf15
Score

10^/10

qakbot obama221 1667915095 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2
- Target
  
  1/edputil.dll
- Size
  
  8KB
- MD5
  
  aaa5b76a6629aa60a9574ea4c589e926
- SHA1
  
  187549cdeb62c71db48618982dd3c88f822fdf1d
- SHA256
  
  28a1f8c5ad2e478752eafa88fde9d12838c120780dde98e2b6f8906d24c13dff
- SHA512
  
  718e34c28b78b4932d0b3d4bcc60ead3105a14cbbe3d90c9c42fba6d4b19d9ccf11c4843272b634192d5ba60d3b23569b10bb6a488b4c3847f080dd9c9546277
- SSDEEP
  
  96:cjpI5fAtznJd5VzxB0SSDpzd4tOeY7Rxm:cjSfQTJdntY
Score

10^/10

qakbot obama221 1667915095 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  1/msoffice32.dll
- Size
  
  593KB
- MD5
  
  9ad223b6a1159a78a89c80f764b55b32
- SHA1
  
  1946ac5406290864731027f0ff76734c1af7acfd
- SHA256
  
  d90b24fb5bf24c12d5d7142ef42f83e9f5e25fb96b7f2d30c0d1e6ac9ff08581
- SHA512
  
  f501ecd58f6b77f5109addbcd1993283f57b893b708d39c6631694e4b164963a46617a3a1962b79b1aed1f4857ace9f8fa3c286d6fd5742b2e32d5f181390fb0
- SSDEEP
  
  12288:UnbfdUgz1clr4FgZMsAU68cUMwvLVh5VPnbh9:UbfdUggAl8vMsL5dl9
Score

10^/10

qakbot obama221 1667915095 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Qakbot/Qbot

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6