qakbot | c9c91f54167606ee1c6d7883dd07024ebb13a7cc0884e8a21a5e569b9d8d2799

Sharing

Copy URL

Twitter E-mail

General

Target

f7091b310f6495733df015b2f868c6a2.bin
Size

810KB
Sample

230324-cx2ddsdf9v
MD5

f7091b310f6495733df015b2f868c6a2
SHA1

e185ee2efc356a98c0725e711c7b9e74a46d7b7b
SHA256

c9c91f54167606ee1c6d7883dd07024ebb13a7cc0884e8a21a5e569b9d8d2799
SHA512

54bd6da8765f74f39ec6b11081b8d3f76a53081f35c6db80f98d35af70c097f4e9c4c7c2432179e3d2fe8a3f765ff76ac46986db5795b0231ab370294d83cf15
SSDEEP

24576:nd/VgXBpYMnlr3fZKSDDuCz1pnb5V9DY4OxU9Deq:BVgx9R3hxDuCx5ltOU9Db

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

401.51

Botnet

abc105

Campaign

1606839097

90.101.117.122:2222

78.97.207.104:443

189.222.242.165:995

95.76.27.6:443

2.50.56.81:443

96.225.88.23:443

47.21.192.182:2222

189.222.242.165:443

197.86.204.38:443

84.117.176.32:443

93.146.133.102:2222

71.38.13.243:443

96.21.251.127:2222

184.98.97.227:995

58.179.21.147:995

187.213.136.249:995

65.30.213.13:6882

80.195.103.146:2222

106.51.85.162:443

187.227.87.235:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Extracted

Family

qakbot

Version

401.62

Botnet

abc107

Campaign

1607078484

32.212.117.188:443

109.205.204.229:2222

72.36.59.46:2222

173.18.126.193:2222

96.225.88.23:443

89.137.211.239:443

110.142.205.182:443

82.76.47.211:443

193.83.25.177:995

67.40.253.209:995

73.244.83.199:443

2.90.186.243:995

189.252.62.238:995

141.237.135.194:443

82.78.70.128:443

185.125.151.172:443

79.117.239.22:2222

86.189.252.131:2222

83.114.243.80:2222

2.50.56.81:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Extracted

Family

qakbot

Version

401.51

Botnet

abc106m

Campaign

1606921461

94.69.242.254:2222

189.140.45.48:995

37.182.244.124:2222

73.136.242.114:443

187.149.126.53:443

189.210.115.207:443

96.27.47.70:2222

185.163.221.77:2222

85.132.36.111:2222

178.87.10.110:443

120.150.218.241:995

68.224.121.148:993

78.101.145.96:61201

47.146.34.236:443

24.95.61.62:443

72.29.181.78:2222

93.113.177.152:443

87.218.53.206:2222

106.51.85.162:443

2.90.33.130:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Extracted

Family

qakbot

Version

401.51

Botnet

abc104

Campaign

1606818862

79.119.124.237:443

87.218.53.206:2222

181.169.88.203:443

82.12.157.95:995

94.49.188.240:443

46.124.107.124:6881

86.122.248.164:2222

83.202.68.220:2222

79.129.216.215:2222

37.21.231.245:995

47.187.49.3:2222

2.90.33.130:443

149.28.98.196:995

149.28.99.97:443

45.63.107.192:995

149.28.98.196:2222

45.63.107.192:2222

74.73.27.35:443

149.28.98.196:443

144.202.38.185:2222

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  quakbotsamples/29148f550d02cf98d89efb53f7137da28e91df43790f4fc052a0f405f99edcc1
- Size
  
  260KB
- MD5
  
  01b9cb4752f2a33d563fd09089d76571
- SHA1
  
  8aa2a65b78c1da2bac332069f53b6283c46f9fc6
- SHA256
  
  29148f550d02cf98d89efb53f7137da28e91df43790f4fc052a0f405f99edcc1
- SHA512
  
  2764312e1608927ead6467c885ab5155d6fac3ec69ab856991a50f8af0f61085901c43fd4ce2d7f071623bb9e0bd6d478103d9ad87ae6219334fb1102ee297aa
- SSDEEP
  
  6144:6wxqaEeZ4POyKmLrLqGvHr0nNK11G9DFp:hHEnxZrkNK11G95
Score

10^/10

qakbot abc105 1606839097 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2
- Target
  
  quakbotsamples/62b038f2dc2ab995d036930a2eaa5f2dc67fb0ab884459d3fa6df653eec307e1
- Size
  
  337KB
- MD5
  
  1bcb097de905cbe1e9fc9683e1dea036
- SHA1
  
  df042b4a2c65a0d761f93baeb8ee4d06fbd33229
- SHA256
  
  62b038f2dc2ab995d036930a2eaa5f2dc67fb0ab884459d3fa6df653eec307e1
- SHA512
  
  89f6de104a2dd12040492d8836ac1819a4f857c4e6554848b68d5ca51fe7b2bd5d860403954af45a67cad42bc9909ef94fa9175e20580cfe5c6a8d14d2386b29
- SSDEEP
  
  6144:BTfmt7eZAPOyKmLrLqGvHr0nNK11G9DMQyaViFwRun:Bbi7/xZrkNK11G9AQyOi6Q
Score

10^/10

qakbot abc106m 1606921461 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral3 behavioral4
- Target
  
  quakbotsamples/a16db0d2025dff39a4a0de4071ce0e73c6810ab497453ad67c16ba0980385f60
- Size
  
  294KB
- MD5
  
  118b1050be87b8189692b82df0ae3045
- SHA1
  
  f7ca1686e66866ce961a3b94bbee1d94b962a450
- SHA256
  
  a16db0d2025dff39a4a0de4071ce0e73c6810ab497453ad67c16ba0980385f60
- SHA512
  
  abe0ae20a6a7a93bdbfe2909185a646b8eae6fdf31de0a1b51f51c79bf845974345448d105cf004e91539dcb81ca6fa504db85b822599a857aeed1f1bb46e5fb
- SSDEEP
  
  3072:D3FMCv2QswnoiglVVcBaQFRmgLo/0S13WCCx2gXaDd3N9eCj6YmVn/XrfbZl:jvv9sMoXBaRmr/dukbvuZ/7fH
Score

10^/10

qakbot abc104 1606818862 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral5 behavioral6
- Target
  
  quakbotsamples/a5bc6aad1c3205857cf8d29058f8a5283bdc743b9965b5b5d2e69df9a9b6bb1b
- Size
  
  260KB
- MD5
  
  3b8ca07dfa8d8ed5d7a4522ddcc65e88
- SHA1
  
  acc5b1ba536db0f88b8144450ef1f1dbb1338b55
- SHA256
  
  a5bc6aad1c3205857cf8d29058f8a5283bdc743b9965b5b5d2e69df9a9b6bb1b
- SHA512
  
  e1535e0f95f7635fce77e4a00bed1eb0300934257b5ecc4dbcece970e98cbbf1fcafc9c40ce9a966b17c584b9623c8cd18e681fa43497d1cc4ab1c592a87cd5a
- SSDEEP
  
  6144:rwxqaEeZ4POyKmLrLqGvHr0nNK11G9DFj:sHEnxZrkNK11G95
Score

10^/10

qakbot abc105 1606839097 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral7 behavioral8
- Target
  
  quakbotsamples/c59d033fa3a58112f7520113699c74552c4d12bb10783fa880359ec94affe2a1
- Size
  
  2.1MB
- MD5
  
  adfa9e13af7bff7b9304de834dc620e6
- SHA1
  
  1eceee464aefad0708f1e5ddcd0550b25da32fe0
- SHA256
  
  c59d033fa3a58112f7520113699c74552c4d12bb10783fa880359ec94affe2a1
- SHA512
  
  c3e459751cd7d36c6fe6934d03144536a3d0f6f85318bf14f798a6ea9d5bee2adf68cb20d2c9ecf861a9bd96b5fd75750fcf283f8fe17a878f19ab7706692c66
- SSDEEP
  
  3072:DNoM+4+Kci5Cbw8IsklTVhKAgUbV6RWWuZ:DW0NHmt9klHb4
Score

10^/10

qakbot abc107 1607078484 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral10 behavioral9

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Targets

Qakbot/Qbot

Qakbot/Qbot

Qakbot/Qbot

Qakbot/Qbot

Qakbot/Qbot

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10