qakbot | 085f0f3f25b1328d153a7c56125e1d8a4d43bc882fe3f250d742ea5247850c02

General

Target

hindmost.temp.dll
Size

1.0MB
Sample

221122-twcr3sdd6y
MD5

09a815f48d8a5319d88f2b8b2e4b02ab
SHA1

e6601cb30205c8e790ac4511f0d6362b80dbb9f5
SHA256

085f0f3f25b1328d153a7c56125e1d8a4d43bc882fe3f250d742ea5247850c02
SHA512

5ba1578fe2203155bfcdda248c2d8a2cce3799f0e45c36ea952b7043b3c4436c1c53daec69cdf8d00a98638bb63220310ab060e0c8f28cc051d0b76b99eafebf
SSDEEP

24576:AXYkbOvnDF9dnJEd+5F6bRGiJzN8gvd4rmwd2eZL/v2mWG2mWYY:XHnDF9dnJEd+5F6bR/JzN863q/v2mWGl

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.30

Botnet

BB07

Campaign

1669024152

C2

69.119.123.159:2222

197.148.17.17:2078

174.104.184.149:443

12.172.173.82:995

91.68.227.219:443

85.241.180.94:443

83.7.53.150:443

213.22.188.57:2222

71.46.234.170:443

190.75.150.58:2222

86.98.15.100:995

89.115.196.99:443

83.31.254.67:2222

46.162.109.183:443

2.84.98.228:2222

78.69.251.252:2222

12.172.173.82:465

75.143.236.149:443

47.229.96.60:443

80.121.8.212:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  hindmost.temp.dll
- Size
  
  1.0MB
- MD5
  
  09a815f48d8a5319d88f2b8b2e4b02ab
- SHA1
  
  e6601cb30205c8e790ac4511f0d6362b80dbb9f5
- SHA256
  
  085f0f3f25b1328d153a7c56125e1d8a4d43bc882fe3f250d742ea5247850c02
- SHA512
  
  5ba1578fe2203155bfcdda248c2d8a2cce3799f0e45c36ea952b7043b3c4436c1c53daec69cdf8d00a98638bb63220310ab060e0c8f28cc051d0b76b99eafebf
- SSDEEP
  
  24576:AXYkbOvnDF9dnJEd+5F6bRGiJzN8gvd4rmwd2eZL/v2mWG2mWYY:XHnDF9dnJEd+5F6bR/JzN863q/v2mWGl
Score

10^/10

qakbot bb07 1669024152 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2