qakbot | 5b468bf05bd7599192aeffe15f151dcaafb2eb458697158eb71ee57600f8655d

General

Target

qq.zip
Size

352KB
Sample

221206-y8ceasag76
MD5

d9bbf31e60a5949a7fc25f44ff1c7e36
SHA1

f5a2f74a7677a6a63b4cac303006c227823a760f
SHA256

5b468bf05bd7599192aeffe15f151dcaafb2eb458697158eb71ee57600f8655d
SHA512

4ce0db1999272b71103b009a58dd6a678f509b0297439e95bd5ffa6252480ae7d9225d68688f243a2793ac1a4b49e02dcc2f8ab8df38eb2b171603a5b4a27d5c
SSDEEP

6144:HCL+q8yDIe7Z2HTBbGupAjxyKUsyMFanv3EJ3pw7MEpBmyxLF3Yy+mLOgc/:HrByDIe78NbGkhKnF0fGeBmyxO9

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama226

Campaign

1670237875

C2

76.100.159.250:443

66.191.69.18:995

186.64.67.9:443

50.90.249.161:443

109.150.179.158:2222

92.149.205.238:2222

86.165.15.180:2222

41.44.19.36:995

78.17.157.5:443

173.18.126.3:443

75.99.125.235:2222

172.90.139.138:2222

27.99.45.237:2222

91.68.227.219:443

12.172.173.82:993

103.144.201.62:2078

12.172.173.82:990

173.239.94.212:443

91.169.12.198:32100

24.64.114.59:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  cmd.bat
- Size
  
  71B
- MD5
  
  ca98cd372e6931810713b368a0e0c6fb
- SHA1
  
  90c0bd07ff6d5199c0494e4e04eb56017ff57118
- SHA256
  
  c4c4cb3bed7386ac131d858e530998c6ac9e193c39158cdad2466f702dea0b74
- SHA512
  
  c7e13c5753b1e9f6ed850c034564762644af1eff80db9f8f2efc0ebb6e2ab5597f517417710adc7ff8309057060c5553d9e79a925f51f85b440b5c9cb6c50367
Score

10^/10

qakbot obama226 1670237875 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2