qakbot | bcc0f7ecc9f0225a7fec74b259c9fe04002c6de59e94d5a1f3a951025694f08b

General

Target

Malware.zip
Size

276KB
Sample

230201-amka1sda21
MD5

983688fde56ef0423e08668e3320a06d
SHA1

0087542d8f6088637b26034287496b6f679156ae
SHA256

bcc0f7ecc9f0225a7fec74b259c9fe04002c6de59e94d5a1f3a951025694f08b
SHA512

521271cd663c4437b2174952198c87f7d257ca5e774a23caab2eb8397fbb5e2485d1ce9a69f74012274ef447ecb7f92f6aed49636c37df50c3891bacb9238955
SSDEEP

6144:M+MPkaqn8/m3PyYEj7jpP1RD/gofx/tOiKXPRL:MD1q8m54jpP1RMWgiAJL

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.432

Botnet

BB12

Campaign

1675161116

C2

103.252.7.228:443

87.10.205.117:443

82.15.58.109:2222

72.80.7.6:995

90.162.45.154:2222

47.34.30.133:443

50.68.204.71:993

112.141.184.246:995

73.165.119.20:443

91.169.12.198:32100

173.18.126.3:443

87.56.238.53:443

85.241.180.94:443

12.172.173.82:50001

92.154.17.149:2222

103.42.86.246:995

12.172.173.82:990

91.254.132.23:443

121.121.100.207:995

74.92.243.113:50000

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  RunDLL-1.bat
- Size
  
  29B
- MD5
  
  e937898cd08c6e4e90f5ccd6de2911f1
- SHA1
  
  fead8d64d41c46176f8a4b381056db02d755beac
- SHA256
  
  195b606e379174317cb722492c3d0b7930567226b799a44082f6184fa05ce307
- SHA512
  
  b5f4bc81b79d9f8473d3193c0ef2e4cd8538ccfda8623ee263463e593d1b14ddc2a9cbf88668ebb692b8bb6449a6f6216c83e4ded1953331c715b20b6e33d18f
Score

10^/10

qakbot bb12 1675161116 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2