qakbot | c64c7c8922d10c146c7709cb9f6dd5040fe048f784057b37291cd66b16a3ea62

General

Target

cdec8947635f7dedc753b6581983ec4eb68b161796ce0990d67a01737766c1f7.zip
Size

218KB
Sample

230310-nlnhyafb31
MD5

301c7b8cb8090977f941469caa16220f
SHA1

6fe611b2ae3137ba498aa6041f54808fe2fd6efb
SHA256

c64c7c8922d10c146c7709cb9f6dd5040fe048f784057b37291cd66b16a3ea62
SHA512

4f1feaf8addcc2a002f3e50ced63d590856fea43a1a093e1658a8d13189c1e967e508cd0a1e7e9039bd15233a77e1eebd6d5c49b74bccab840b668a7fcaa2f67
SSDEEP

3072:uchcXy+qyPt1UgTSZ4uFKQ5+Yhz3UymEVfIvFrZIBYj2rfASV2H8sTTVN9pfJ:uSBt8Gp9KM+0UymEeVSBvvV2ceTdpfJ

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.226

Botnet

BB18

Campaign

1678346091

C2

114.143.176.235:443

92.154.17.149:2222

2.14.45.117:2222

84.108.200.161:443

109.11.175.42:2222

88.126.94.4:50000

87.202.101.164:50000

50.68.204.71:995

49.245.82.178:2222

12.172.173.82:32101

190.11.198.76:443

79.67.165.149:995

115.87.227.49:443

84.215.202.22:443

118.250.110.98:995

66.131.25.6:443

80.1.152.201:443

198.2.51.242:993

151.48.158.236:443

50.68.204.71:993

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  cdec8947635f7dedc753b6581983ec4eb68b161796ce0990d67a01737766c1f7.dll
- Size
  
  381KB
- MD5
  
  2bd110d17002ecc13814cfd2fc4cd939
- SHA1
  
  99e4697e1cd3b8e92f34bada548cc59dd155eb22
- SHA256
  
  cdec8947635f7dedc753b6581983ec4eb68b161796ce0990d67a01737766c1f7
- SHA512
  
  575fb0620f876a57f32a93518deeddd709b490a46f0cea5891902f222c6dd875577489c93d740d7b19b69e5e12839cd6c31b14da81a62dc5dd55fe63e831a78c
- SSDEEP
  
  6144:i4XpMMnVH+R25rka7HNpnbkUds8D1GJR8:RXvVHY25RHbks1GJR8
Score

10^/10

qakbot bb18 1678346091 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2