qakbot | 380b8a70cef9604929177aa519ab7f02658648bde02892aa107e123764df8d54

General

Target

beautydomPorrigo.Reargument.dll.bin
Size

633KB
Sample

230511-xaxf5sca4t
MD5

f06a54b8549fec8b988da37e049fa23e
SHA1

89f7eb1aea54573834a37c45617848c7ca721a56
SHA256

380b8a70cef9604929177aa519ab7f02658648bde02892aa107e123764df8d54
SHA512

98f38fbfd74726a24926b9b204aa77001bfa753781b608f330aae9247f39fc9836ad8e075a230beeccfbdc153964c3b57f8290a47a11a16ab183e3239a5f3a22
SSDEEP

12288:qzbDRgCdJy+vKjt/hp2JIdK6DOAj/di+I/dzAwuFQ5fC:qXVgoy+YdbKh6DOAjVi6wuFQ5fC

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.1038

Botnet

BB27

Campaign

1683811051

C2

113.11.92.30:443

86.130.9.208:2222

27.109.19.90:2078

70.28.50.223:32100

89.129.109.27:2222

12.172.173.82:21

70.28.50.223:2087

200.93.26.107:2222

50.68.204.71:993

12.172.173.82:32101

173.88.135.179:443

70.28.50.223:3389

86.99.48.130:2222

67.219.197.94:443

76.64.99.251:2222

86.250.12.86:2222

136.35.241.159:443

69.157.243.204:2222

216.36.153.248:443

173.176.4.133:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  beautydomPorrigo.Reargument.dll.bin
- Size
  
  633KB
- MD5
  
  f06a54b8549fec8b988da37e049fa23e
- SHA1
  
  89f7eb1aea54573834a37c45617848c7ca721a56
- SHA256
  
  380b8a70cef9604929177aa519ab7f02658648bde02892aa107e123764df8d54
- SHA512
  
  98f38fbfd74726a24926b9b204aa77001bfa753781b608f330aae9247f39fc9836ad8e075a230beeccfbdc153964c3b57f8290a47a11a16ab183e3239a5f3a22
- SSDEEP
  
  12288:qzbDRgCdJy+vKjt/hp2JIdK6DOAj/di+I/dzAwuFQ5fC:qXVgoy+YdbKh6DOAjVi6wuFQ5fC
Score

10^/10

qakbot bb27 1683811051 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2