qakbot | bc672fe23b19898032b312ab849d781cfd450966e17f571b8e31a0328f2bafe8 | Triage

Sharing

General

Target

Qbot_posting.dat
Size

638KB
Sample

230404-h9zm8afd5v
MD5

66c31e46e776c384f69c856505ab7852
SHA1

0502fa50d6117f1ed5d66a2d3c961eae5609f95b
SHA256

bc672fe23b19898032b312ab849d781cfd450966e17f571b8e31a0328f2bafe8
SHA512

6e916d69f0dc9f0284c4aacb7a2f75aeaa628aed3419cd16e8ac962ec98d9c7db7baceaacf3f635a496a1b13d29bcd7f3a1d7788e964b15c319282130857bebe
SSDEEP

12288:fa2sTwwDbozbuUijWQ2ieToMjavBJHuZXJMeGbX//IO:fBs1QuUijWHVUM+7OZXJM5T//I

Score

10^/10

qakbot bb02 1665761649 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.973

Botnet

BB02

Campaign

1665761649

C2

104.233.202.195:443

105.156.242.71:443

45.230.169.132:995

181.197.41.173:443

197.0.89.147:443

191.254.53.134:995

190.204.74.4:2222

46.185.147.165:443

190.26.159.133:995

177.205.74.14:2222

197.63.250.197:993

45.230.169.132:443

156.212.50.148:443

193.27.13.28:32100

190.200.10.82:2222

31.166.182.166:443

179.105.182.216:995

193.201.187.64:443

1.53.101.75:443

190.181.17.58:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Qbot_posting.dat
- Size
  
  638KB
- MD5
  
  66c31e46e776c384f69c856505ab7852
- SHA1
  
  0502fa50d6117f1ed5d66a2d3c961eae5609f95b
- SHA256
  
  bc672fe23b19898032b312ab849d781cfd450966e17f571b8e31a0328f2bafe8
- SHA512
  
  6e916d69f0dc9f0284c4aacb7a2f75aeaa628aed3419cd16e8ac962ec98d9c7db7baceaacf3f635a496a1b13d29bcd7f3a1d7788e964b15c319282130857bebe
- SSDEEP
  
  12288:fa2sTwwDbozbuUijWQ2ieToMjavBJHuZXJMeGbX//IO:fBs1QuUijWHVUM+7OZXJM5T//I
Score

10^/10

qakbot bb02 1665761649 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotbb021665761649bankerstealertrojan