qakbot | ce24d9a265549557a9f8080c66de38dec940fb7aef2fc6236c5df1ab19995249

General

Target

Malware.zip
Size

337KB
Sample

230314-xtf89shc89
MD5

4dfa0bc574f1099b87596098dcf47b7e
SHA1

45753cd6c5aa9bc412964bac593b6a1a11c9b4d1
SHA256

ce24d9a265549557a9f8080c66de38dec940fb7aef2fc6236c5df1ab19995249
SHA512

c8bf8378a500c967a1f733c978ffad7b87bb83355319906d6f6dd09bc1f5c785ab4debd97e56e4c8e14f5e0455c1271db6c8140668c937b4cd5266b2cfdc1b4f
SSDEEP

6144:MEieT84AC/SUrLbUQVGyOsMv1fpiAAC5IRvhFwFLa2TnBR2dM35WAFG23C:LietAC/SUrLbUQo0gCCedhFwhagPuM3U

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.266

Botnet

obama242

Campaign

1678805546

C2

92.239.81.124:443

176.202.46.81:443

2.49.58.47:2222

86.225.214.138:2222

74.66.134.24:443

213.31.90.183:2222

12.172.173.82:50001

202.187.87.178:995

70.53.96.223:995

92.154.45.81:2222

186.64.67.54:443

81.158.112.20:2222

190.191.35.122:443

68.173.170.110:8443

12.172.173.82:993

98.145.23.67:443

12.172.173.82:22

37.186.55.60:2222

84.216.198.124:6881

73.161.176.218:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  RunDLL-1.bat
- Size
  
  29B
- MD5
  
  9a78cdda7bc823ff0a665e764f87a7a9
- SHA1
  
  659e88ee018794d0dfd32becc7adc8a6199f6d9f
- SHA256
  
  fd575e009f5b841a6971dbc651da1accd2227f46ffc2c5c41e604aa7e7cdd5d9
- SHA512
  
  c39bf673899c03252cda5e5e3eb4a2777ffca9a865123c8408026e32c2f7ca0763aa3cc432778fe2019d65142d17d8f1396eac03c2e03ef1728b3c4ff5d28e98
Score

10^/10

qakbot obama242 1678805546 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2