qakbot | b6e8a316e550183223d1fa66fec47171f402799ad37ed1b8c65a03b156c0b06e

General

Target

36217578-ea22-4c82-916f-2d0850a60c2a.zip
Size

648KB
Sample

221130-yczjyshe57
MD5

5bb71216a0058523346498f1e08d2a1d
SHA1

2d3481c73c53d96957d12829b1784b7cc320a04e
SHA256

b6e8a316e550183223d1fa66fec47171f402799ad37ed1b8c65a03b156c0b06e
SHA512

37a3c56d8624dc58031b22d1ce968c48dc7e802d44a4380935034ee58151e627af4330a2f74a0c132f392a3e8f3cd0e56798679fb212455e04a6b750f3cd8b6f
SSDEEP

12288:mpqJYfqJjqMeFrqlV/Rfc3VKrSEOhXDEJZf7PjM0lZqkTn3w5yNU/or:qVqJjqMeFrqbR03E+9FDgxPYWqkD3w5k

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama224

Campaign

1669794048

C2

75.161.233.194:995

216.82.134.218:443

174.104.184.149:443

173.18.126.3:443

87.202.101.164:50000

172.90.139.138:2222

184.153.132.82:443

185.135.120.81:443

24.228.132.224:2222

87.223.84.190:443

178.153.195.40:443

24.64.114.59:2222

77.126.81.208:443

75.99.125.235:2222

173.239.94.212:443

98.145.23.67:443

109.177.245.176:2222

72.200.109.104:443

12.172.173.82:993

82.11.242.219:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  BA-536WP.iso
- Size
  
  101.2MB
- MD5
  
  728e89927597068a6ee9b6bb0afe8547
- SHA1
  
  df2cb34beee7342c07a5a9a0fddd70595c8ee8f9
- SHA256
  
  36878adc0c219b3391b0b66b94d90de3e111517147d1b452daef6a53869f919b
- SHA512
  
  d9f9b8e2223de9260f8cbeb4d5fef4812022c4204b935bf8b6ce0ed201250c1944ef2cfed14cf38a449c36c7dab66f3cdd88a9f209a4e65cf61a4c7e702d46e9
- SSDEEP
  
  24576:bFolOZ7iw5kwfHH3vwLwZ0RV9Z0OEdMd5z52kqAaBJP8fnLJ518VCqoI2ytHE:bFolOZ7iw5kwfHH3vwLwruDHAHE
Score

3^/10
behavioral1
- Target
  
  WP.vbs
- Size
  
  181B
- MD5
  
  5ca8bf4d54c5a6ba16be02d7f4a61484
- SHA1
  
  63832302def71a4723938f4582bc055c0192a0cb
- SHA256
  
  cabbe7798af03ef5a987c87fb3ddac1b82fb9ab26de403238a803e723bcf7d53
- SHA512
  
  b2427697228305468a1389b6d24385d4c4addf149c39423a70fee76e9285701842425a2482ff7256509ffdd04c6d301fc8f3b0b3e3c626ed4467007f7e654c25
Score

10^/10

qakbot obama224 1669794048 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral2
- Target
  
  metaphysic/nightmares.vbs
- Size
  
  181B
- MD5
  
  5ca8bf4d54c5a6ba16be02d7f4a61484
- SHA1
  
  63832302def71a4723938f4582bc055c0192a0cb
- SHA256
  
  cabbe7798af03ef5a987c87fb3ddac1b82fb9ab26de403238a803e723bcf7d53
- SHA512
  
  b2427697228305468a1389b6d24385d4c4addf149c39423a70fee76e9285701842425a2482ff7256509ffdd04c6d301fc8f3b0b3e3c626ed4467007f7e654c25
Score

3^/10
behavioral3
- Target
  
  metaphysic/vaulted.ps1
- Size
  
  365B
- MD5
  
  e7191cc473f66a3adb133fba449ccdc0
- SHA1
  
  353a5b24b3991f81536aa5bbf6b3bdf221cd18a7
- SHA256
  
  a3b00b825641f9c253568750e36ec6a1352bd8d4f847b8656820150a84fed98b
- SHA512
  
  e180cc1c8d710e3efdc3e8e84770faa05c4837a7d057b44ffa96d7e5665bd9f2b89aab86bd833e00312212a22b181d8414510c8e7f9e4310b19c97844321f84e
Score

1^/10
behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

3

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4