qakbot | d277f62b4d361b03beb59506f07d288d187b9d8b33b4aa6cba8d51b856d15d2e

General

Target

mal.zip
Size

354KB
Sample

230330-qlcsjsec5z
MD5

42175d9785e17adb5f13f3e37995cd1a
SHA1

4d874f997f54691ab7df48fc4f29ecbff05683dc
SHA256

d277f62b4d361b03beb59506f07d288d187b9d8b33b4aa6cba8d51b856d15d2e
SHA512

e81cf15c33ee4a0bd7461151a17edf132bdcb8c0dababad37d19a3337137c2e96cc306f5b071d5ca549285feed00816f5be37b894dd280be40e3e9071e2df2dc
SSDEEP

6144:ufXg3M5/q5GW92qck0rH1uXiJUQztCqrVih/H5IMlkwYXPlmp2GDb9jDkv4R:u/t5/S92QglztCMsH5zmHQDb9jDWQ

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.843

Botnet

BB21

Campaign

1680106938

C2

94.30.31.47:50000

72.88.245.71:443

136.35.241.159:443

74.92.243.115:50000

47.196.225.236:443

71.46.234.171:443

50.68.204.71:443

78.130.215.67:443

46.64.171.68:443

92.186.69.229:2222

68.173.170.110:8443

75.90.87.37:995

94.30.98.134:32100

24.236.90.196:2078

162.248.14.107:443

72.203.216.98:2222

67.219.197.94:443

78.69.251.252:2222

50.68.204.71:993

174.4.89.3:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  run.bat
- Size
  
  22B
- MD5
  
  7982f3323acdaed4489c85a01440ae87
- SHA1
  
  746dbd816277a21b6805a3ac7defd12a26465e30
- SHA256
  
  35cf33e0a4d9265c233f27095b90b93b1083a97f68295102266edee608045543
- SHA512
  
  0babfc6388260f933e40397c4ae1a7289feb22f326f5da7f3d2cc78589c09e6aed3b6da43cd47330ead65ce8a65a3b392e103b70d1a2b62a921679fa0e217650
Score

10^/10

qakbot bb21 1680106938 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

1

T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2