qakbot | 232ec42b51df281533c557d9013aa5bbeff130bc6e0cb8de7ef1cf965ed81eb1

General

Target

01.gif.dll
Size

1.0MB
Sample

230202-njvt8sfh72
MD5

ddd09db61d8f6565ba41c20695ea3ac2
SHA1

7fe4eb7f1ccc59763e352defc3298f0c208f171b
SHA256

232ec42b51df281533c557d9013aa5bbeff130bc6e0cb8de7ef1cf965ed81eb1
SHA512

4850befa2db86aae62aa0ae951695cd16c54b749bd6de189966b0dc4e14db45e07e9203b07da8b5b1722864cfe4a243ee0de7afd7b95723505ea17eda7c3bc9e
SSDEEP

24576:aHjOfF1vLCeGI4e9GqEMAinTjc7c6LvWxGXaEA5:aAjDjt4cAAfc7bDWxGXw

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.447

Botnet

BB12

Campaign

1675326103

C2

47.203.227.114:443

1.162.248.14:27393

187.1.1.90:26646

98.145.23.67:443

1.70.77.116:59649

187.0.1.74:8644

12.172.173.82:995

1.109.159.118:15368

187.1.1.182:46185

86.130.9.182:2222

1.217.128.91:50184

70.66.199.12:443

1.27.109.19:23048

209.1.1.184:39300

174.104.184.149:443

1.81.151.102:57345

187.1.1.47:8734

87.202.101.164:50000

1.73.165.119:5121

181.118.206.65:995

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  01.gif.dll
- Size
  
  1.0MB
- MD5
  
  ddd09db61d8f6565ba41c20695ea3ac2
- SHA1
  
  7fe4eb7f1ccc59763e352defc3298f0c208f171b
- SHA256
  
  232ec42b51df281533c557d9013aa5bbeff130bc6e0cb8de7ef1cf965ed81eb1
- SHA512
  
  4850befa2db86aae62aa0ae951695cd16c54b749bd6de189966b0dc4e14db45e07e9203b07da8b5b1722864cfe4a243ee0de7afd7b95723505ea17eda7c3bc9e
- SSDEEP
  
  24576:aHjOfF1vLCeGI4e9GqEMAinTjc7c6LvWxGXaEA5:aAjDjt4cAAfc7bDWxGXw
Score

10^/10

qakbot bb12 1675326103 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2