qakbot | 2b44638c6ad4b654b8d72e1c4297f96de5df45ff39c306c1331f7c26608b27d2

General

Target

c6af263a33a022c75176b991c9bece6ecd88984d4be5b847fe7b1238155ae0e0
Size

250KB
Sample

230103-eqnvtsch7w
MD5

bd286964d57d034a4356f50cd7ac2927
SHA1

aad88b095025aa417601ce7846f8155e6babba9c
SHA256

2b44638c6ad4b654b8d72e1c4297f96de5df45ff39c306c1331f7c26608b27d2
SHA512

28288845457901d9e71ab1459b8ca3393a75f36316a7a5d9d5aac32a56fdf39d23f3b55e20f868bc09d1354bd86b4bb9cf76a7c3d2af858a48dc911924ad6aea
SSDEEP

6144:eElL+v1JK2C3J+Ig9E66Qq2elk+93zTno3pMPpUegkFNbC:lmJK2ksIFOUhz0MpVFNbC

Score

10^/10

qakbot bb 1663148750 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.862

Botnet

BB

Campaign

1663148750

C2

193.3.19.37:443

99.232.140.205:2222

99.253.251.74:443

197.94.210.133:443

37.210.148.30:995

14.161.194.86:443

154.181.203.230:995

200.161.62.126:32101

134.35.10.122:443

64.207.215.69:443

81.131.161.131:2078

217.165.85.223:993

78.100.225.34:2222

85.114.110.108:443

102.38.96.108:995

123.240.131.1:443

109.158.159.179:993

186.105.182.127:443

190.44.40.48:995

88.233.194.154:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  c6af263a33a022c75176b991c9bece6ecd88984d4be5b847fe7b1238155ae0e0
- Size
  
  436KB
- MD5
  
  b4b39ee4b9bce2fbf893431d50c00584
- SHA1
  
  423a84fec0e9388ec51a002a6ba1202e717baf21
- SHA256
  
  c6af263a33a022c75176b991c9bece6ecd88984d4be5b847fe7b1238155ae0e0
- SHA512
  
  ab699d43ecab6ff695ee8bb646cb4c66d96af74c08a60e4a411b1afe8ccf365cc5caa108e3a580dc0f14df25a7d3f2386b46aff49f881cbb799f1a34a525b0d1
- SSDEEP
  
  6144:36N5XNlCfcqFhOdpwNzM2a3gfwp3NkOWuzv/24bktfTGoH:KrducqxNzbaP3WOWuLTCfThH
Score

10^/10

qakbot bb 1663148750 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2