qakbot | 44956175fc468119a09618a9557a66e9b950efbdf8aee451aea5cbb33541c42a

General

Target

unknown_PID6aec_hiddenmodule_2850000_x86.dll
Size

144KB
Sample

230209-ykn37aaf34
MD5

f494666679e644f25889333747e5102d
SHA1

2ceb3e0f8e76abb9033dc2c2930a926bc9058a67
SHA256

44956175fc468119a09618a9557a66e9b950efbdf8aee451aea5cbb33541c42a
SHA512

4080f6f87ab989808e41283d95e6170306dc7ae4c6df46466787097381f6341aa8f55232fabf6295fb19a3ac5ef8219195267ec0e7280502e576c3c1de1ddd05
SSDEEP

3072:SDCWW5nnFH+6ETOCtePAr4YJ/2PJkISTBff2LT:b5nnFedTBe4r4YJ/yJkISTBX2L

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.432

Botnet

BB12

Campaign

1675417198

C2

12.172.173.82:995

12.172.173.82:2087

50.68.204.71:443

84.215.202.22:443

98.175.176.254:995

184.155.91.69:443

50.68.186.195:443

183.87.163.165:443

172.248.42.122:443

93.156.100.20:443

102.156.32.143:443

50.60.157.175:995

75.143.236.149:443

69.133.162.35:443

105.184.159.165:995

130.43.172.217:2222

82.36.36.76:443

73.223.248.31:443

202.142.98.62:443

73.161.176.218:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  unknown_PID6aec_hiddenmodule_2850000_x86.dll
- Size
  
  144KB
- MD5
  
  f494666679e644f25889333747e5102d
- SHA1
  
  2ceb3e0f8e76abb9033dc2c2930a926bc9058a67
- SHA256
  
  44956175fc468119a09618a9557a66e9b950efbdf8aee451aea5cbb33541c42a
- SHA512
  
  4080f6f87ab989808e41283d95e6170306dc7ae4c6df46466787097381f6341aa8f55232fabf6295fb19a3ac5ef8219195267ec0e7280502e576c3c1de1ddd05
- SSDEEP
  
  3072:SDCWW5nnFH+6ETOCtePAr4YJ/2PJkISTBff2LT:b5nnFedTBe4r4YJ/yJkISTBX2L
Score

10^/10

qakbot bb12 1675417198 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2