qakbot | edc0c5d05fdf66a9f482c60292c6fe98e8e81f8817d722d8545539fa2ac57fa4

Resubmissions

31/01/2023, 18:30

230131-w5xvqahf27 10

31/01/2023, 18:16

230131-wwy2eshe77 3

31/01/2023, 17:51

230131-wfchgsbd2v 3

31/01/2023, 17:49

230131-wd521shd85 3

Sharing

Copy URL

Twitter E-mail

General

Target

Qakbot.zip
Size

276KB
Sample

230131-w5xvqahf27
MD5

0db1ec5e7e9f69448363c74344f25a05
SHA1

0fe6802c716438f3ac7243dabff7fa3d65ab3019
SHA256

edc0c5d05fdf66a9f482c60292c6fe98e8e81f8817d722d8545539fa2ac57fa4
SHA512

20cf506e4362ac1d10a89f6137c5ffa605bb541a7a41d2e0ae9b3f894d2f0abc08fd7c1cb166959e7038aadc0ee819a32ecacc322161eecaaa6496e20157d035
SSDEEP

6144:n135XYN8pe6Cnxn+6gy3NxIn9zN8hkYZyFzAI0TLNM59nzfG:vXYNt6OxPxIn9NskjFzABUnC

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.432

Botnet

BB12

Campaign

1675161116

103.252.7.228:443

87.10.205.117:443

82.15.58.109:2222

72.80.7.6:995

90.162.45.154:2222

47.34.30.133:443

50.68.204.71:993

112.141.184.246:995

73.165.119.20:443

91.169.12.198:32100

173.18.126.3:443

87.56.238.53:443

85.241.180.94:443

12.172.173.82:50001

92.154.17.149:2222

103.42.86.246:995

12.172.173.82:990

91.254.132.23:443

121.121.100.207:995

74.92.243.113:50000

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Qakbot.dat
- Size
  
  713KB
- MD5
  
  ea01b105c2c1bb90559bea2cd3df26fe
- SHA1
  
  cf73e2502f7976288857d81adf812b1b0c7c55d0
- SHA256
  
  4a990b2e48bc3a48a93ec155feb21d79201f6bf8b248ecd16367dc14bd2bce75
- SHA512
  
  698e72e18a4312b128989068a79869ec58a3e234e4af0516c98ccd0b839397e7bc1e534f316aa97f360dee2f9ce1bb119519010bb4566374ed333325eb84df5c
- SSDEEP
  
  12288:9qwFxm3G6H4RyuHbR1MxnuTV/iV1SdURA8s2Q5Qp:QwFxm3G6H4IuHbR1MxnuTV/iV1QTQ
Score

10^/10

qakbot bb12 1675161116 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1