qakbot | 79f11e58225f2cbde139c3ce530297018be8e0b59bcf24681b95297884f12f04

General

Target

Qbot.zip
Size

2.7MB
Sample

230316-s2de5abe67
MD5

17aef9d13b160afcb3712566829073cc
SHA1

a1b1b4fcc6a2537ea4b9b7e1f757e5f2b51eb3e9
SHA256

79f11e58225f2cbde139c3ce530297018be8e0b59bcf24681b95297884f12f04
SHA512

bdc2d0ca4144d38e046169193749edc06f3361b691b4b452e2fcb92884ccc258bcc52d3875df6a1a5b0208c09d7068d021aab9d91ecc52d5c976a73dd8d7f176
SSDEEP

49152:PIC8kLdZ/mKhCtq9TPLtOr7ilAn2EY4oUyXOz2gRbojwN4lno4Z4PUZ:PIyLz/mwCta6fbhTD7Yo2GO

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.266

Botnet

obama242

Campaign

1678805546

C2

92.239.81.124:443

176.202.46.81:443

2.49.58.47:2222

86.225.214.138:2222

74.66.134.24:443

213.31.90.183:2222

12.172.173.82:50001

202.187.87.178:995

70.53.96.223:995

92.154.45.81:2222

186.64.67.54:443

81.158.112.20:2222

190.191.35.122:443

68.173.170.110:8443

12.172.173.82:993

98.145.23.67:443

12.172.173.82:22

37.186.55.60:2222

84.216.198.124:6881

73.161.176.218:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Extracted

Language

xlm4.0

Source

Extracted

Language

xlm4.0

Source

Targets

- Target
  
  5fa99dca32f66c0edd6d5f86da8be806a3217606ba0bf0ec0c559cb1f0632b69
- Size
  
  589KB
- MD5
  
  aa6102c10a685f388d5ae16c5f146ecf
- SHA1
  
  b5943232258b93f8ff31846d62606ae4add162ce
- SHA256
  
  5fa99dca32f66c0edd6d5f86da8be806a3217606ba0bf0ec0c559cb1f0632b69
- SHA512
  
  c138ff44f7461c53f7d5b932a017b35bf8c13c4752ef5e5648f968070e2b510ca6607a1efa9b5696a31a2a736e3148904a32d4ea91eb34a8d47314c2fe0839bd
- SSDEEP
  
  6144:8cTaT6oGCNIamrNSYVnttpONtX7EmG2dOdQRG8l/dmMF7VndLmmmmmmm644tkw95:fVpSIm3OdQwgvpVndf42HXDiuJTMw4
Score

10^/10

qakbot obama242 1678805546 banker stealer trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  e7c5a14367c05db6df9a4804137125064a7d6699940f1544586c1d036c350598
- Size
  
  2.3MB
- MD5
  
  548e4085cfc559640b0a935d87484cdd
- SHA1
  
  0cb8ffbb71e9ab9a74fa76700f6f677df9a6c967
- SHA256
  
  e7c5a14367c05db6df9a4804137125064a7d6699940f1544586c1d036c350598
- SHA512
  
  449af2fc126593d9452bf6fbd9890f15a4d24ca3c8d01405616419e8e5ffd81cc2f28c02a982dce19286ce13f6eb71ef6ce47c275a72ac1db10a7025ca1fa3ae
- SSDEEP
  
  49152:Wjrid3EfessB2KEAQ3PlAEIZ6QqrONloCt4nnM+DoRDPOjYvf9FB:arid028KEl39AdZ/6y+9M7RDPZB
Score

10^/10

qakbot obama242 1678805546 banker stealer trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  2020a8611379d8236343da65155aab32ec37f597317560762625f9536c579474
- Size
  
  2.3MB
- MD5
  
  377f7e337efb013f05ae038a4a229d04
- SHA1
  
  e7e3e8b27e25de03434d62a0dc5101771f72eeda
- SHA256
  
  2020a8611379d8236343da65155aab32ec37f597317560762625f9536c579474
- SHA512
  
  9beb60575cb92e36bc6f14b720beff2ec318be35f4c31a1ec1de4e2470a85aeced6c278adda087cb10d8e0ed0538786d89f73103fe3300bc433d813e2fa94e7f
- SSDEEP
  
  49152:WjrNd3EfessB2KEAQ3PlAEIZ6QqrONloCt4nnM+DoRDPOjYvf9FB:arNd028KEl39AdZ/6y+9M7RDPZB
Score

10^/10

qakbot obama242 1678805546 banker stealer trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral5 behavioral6