qakbot | ce9113fc983ed9c41944321711d228aa57a536294b7180e407dc2f9dc17bb4ad

General

Target

BO31.vhd
Size

2.0MB
Sample

221207-tm3l5sfd39
MD5

c0a3258656cfa0c62e1c216fd7cdc97f
SHA1

c774d11f9e030c112e20603c1be045db87d1916a
SHA256

ce9113fc983ed9c41944321711d228aa57a536294b7180e407dc2f9dc17bb4ad
SHA512

6d9d946231c3529d53715f368829f76a779ff9638f5e250ef7e31fe8cf7717a71b9f2a4c5d4f461917ed3182d66ff1ed0ab49d03d6958854a97edd000934d4d7
SSDEEP

12288:DudXJBApSIdw+5n8H739YoRmwZBY9bk8OlBf07A4QDXSAIdQFFF7:qBIR8bFR7tVlDXScn

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama226

Campaign

1670237875

C2

76.100.159.250:443

66.191.69.18:995

186.64.67.9:443

50.90.249.161:443

109.150.179.158:2222

92.149.205.238:2222

86.165.15.180:2222

41.44.19.36:995

78.17.157.5:443

173.18.126.3:443

75.99.125.235:2222

172.90.139.138:2222

27.99.45.237:2222

91.68.227.219:443

12.172.173.82:993

103.144.201.62:2078

12.172.173.82:990

173.239.94.212:443

91.169.12.198:32100

24.64.114.59:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Ref.lnk
- Size
  
  1KB
- MD5
  
  248055a563483ef930720c09a04558e6
- SHA1
  
  e1ae82278c77a4f864c5d0852362b8fbe3242d9a
- SHA256
  
  54e0cd9a35bd22dacff252ca7f2db6c138291bca12c4d05cdec6cde3fcc22f4a
- SHA512
  
  98928b3b1899f3ea79b190da252b5035b476a9a6a2e68019c624bbc7e34e7566cd6f8ab37adf3721d2a9a7207823487bc28413bbbd774f0b1f38182d7e19d24e
Score

10^/10

qakbot obama226 1670237875 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2
- Target
  
  engendering/catenary.tmp
- Size
  
  596KB
- MD5
  
  740ef7c49bbf7b6dc80ada0cb1b8f824
- SHA1
  
  233dae2d621fe77935ca3d4ca1dd07b3e956914c
- SHA256
  
  5b88a129b9138aea014f1425f5b28f5937e657d778a681c0e5685481d6eefc54
- SHA512
  
  59b44da52b911e16ce00b19937739cd267931535232f317bbcfdafc24c59180ce295d156847c7bcbae2e00a16c2291f12d79ab4ac4716c41cb7465298a75b88a
- SSDEEP
  
  12288:4n8H739YoRmwZBY9bk8OlBf07A4QDXSAIdQFFF7:48bFR7tVlDXScn
Score

3^/10
behavioral3 behavioral4
- Target
  
  engendering/exiting.cmd
- Size
  
  215B
- MD5
  
  72085b2cfb2a98781bbbdc6708315022
- SHA1
  
  a617bfe49f5e57447cc568a60bd35d24f02aef3d
- SHA256
  
  fee4ef43b2286be2b5c51510045c1aa4c873941695070e8db4f5e5d2e60920c2
- SHA512
  
  544dbeff470456e256c5abcc230a20f26aaefab91cb4a14b102f42d98a4d699f2a966aed28d2ce3eaffe35a37451cd5b6c5cab384369d20e2bcf58dd27337db4
Score

1^/10
behavioral5 behavioral6
- Target
  
  engendering/suite.cmd
- Size
  
  314B
- MD5
  
  c5307a3a6319b241a7e15f64f7562701
- SHA1
  
  18262674ec55508d7639c816d052bf67c6059ba3
- SHA256
  
  2a65f7c44630717f90ab75328cfaa056db2feafebfe88be842a9d4a72a616922
- SHA512
  
  632f445d95e1e08ad7790d914283ba40a845b55e38a09653141d943c621f219a446f80e600bf31db1deb9741f0331ca866a231b1a4e0c3de2553a4673ff7accc
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8