qakbot | dc8c2bda28904fce2253c2fa6ff36e0c2a9baea4f67a0d2ce8bfcedb13b290fd

General

Target

vexatiousness.dat
Size

354KB
Sample

221209-cxp1cscb37
MD5

33cf782d0d0117b0a0f00e08083318bb
SHA1

de092b612dc194e8c85002bf18ee1edce81cb0a4
SHA256

dc8c2bda28904fce2253c2fa6ff36e0c2a9baea4f67a0d2ce8bfcedb13b290fd
SHA512

babab324a67b8bd087d9e3cb646e44afd4e277946a0630695fe1eabb0926c385afe9c853838a20967ce350bd933f598878c58c23529b973ffa1e11b3a160c891
SSDEEP

6144:bNsacLpop/C9lIbtBMHkqmO+pefW6Aw6hjSy/AACs98K/f+ZuDXKK8bTcTCaUGav:5s/tMrbQHt+psSw6RcA3/2oXmbTdaUnv

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.14

Botnet

obama220

Campaign

1667373670

C2

174.0.224.214:443

70.60.142.214:2222

136.232.184.134:995

67.87.214.7:443

174.104.184.149:443

64.207.237.118:443

144.202.15.58:443

74.33.84.227:443

175.205.2.54:443

174.77.209.5:443

45.49.137.80:443

74.92.243.113:995

76.68.34.167:2222

49.175.72.56:443

190.24.45.24:995

50.68.204.71:443

179.100.109.130:32101

70.64.77.115:443

109.151.171.116:2222

91.138.17.202:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  vexatiousness.dat
- Size
  
  354KB
- MD5
  
  33cf782d0d0117b0a0f00e08083318bb
- SHA1
  
  de092b612dc194e8c85002bf18ee1edce81cb0a4
- SHA256
  
  dc8c2bda28904fce2253c2fa6ff36e0c2a9baea4f67a0d2ce8bfcedb13b290fd
- SHA512
  
  babab324a67b8bd087d9e3cb646e44afd4e277946a0630695fe1eabb0926c385afe9c853838a20967ce350bd933f598878c58c23529b973ffa1e11b3a160c891
- SSDEEP
  
  6144:bNsacLpop/C9lIbtBMHkqmO+pefW6Aw6hjSy/AACs98K/f+ZuDXKK8bTcTCaUGav:5s/tMrbQHt+psSw6RcA3/2oXmbTdaUnv
Score

10^/10

qakbot obama220 1667373670 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2