qakbot | 5f055b2ee3364f00afe1496ee6539a964cd02633aa737da81f54db4b82250242

General

Target

Elected.Styce
Size

999KB
Sample

230516-s8njnsbe29
MD5

63463b4263c923f228d5522cab5c4073
SHA1

5861e518755eedd5b9206b013e6e3500a42da6ed
SHA256

5f055b2ee3364f00afe1496ee6539a964cd02633aa737da81f54db4b82250242
SHA512

07c6c0f4e87ab1e1e73f430c7355dc93a21833676204499e6853554219197f994df4b77b9547c5d0fa8ee67c1157e08a5101f8d2db56a6ac398bfd5a20637e7e
SSDEEP

12288:UjYxnjXcBIlezoQy41hY1eOuQxb64XpyUJM64eMr4JlMxx8Q484xvVAc+IFBNp:UUpcBSf4IeOlbrooi4JluqMQl

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.1038

Botnet

BB28

Campaign

1684145503

C2

74.33.196.114:443

108.190.115.159:443

47.21.51.138:443

76.16.49.134:443

113.11.92.30:443

98.19.234.243:995

197.14.208.59:443

88.126.94.4:50000

24.69.137.232:2222

70.28.50.223:32100

184.176.35.223:2222

12.172.173.82:50001

87.202.101.164:50000

70.28.50.223:2087

75.109.111.89:443

86.130.9.227:2222

12.172.173.82:32101

70.28.50.223:3389

80.12.88.148:2222

174.118.68.176:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Elected.Styce
- Size
  
  999KB
- MD5
  
  63463b4263c923f228d5522cab5c4073
- SHA1
  
  5861e518755eedd5b9206b013e6e3500a42da6ed
- SHA256
  
  5f055b2ee3364f00afe1496ee6539a964cd02633aa737da81f54db4b82250242
- SHA512
  
  07c6c0f4e87ab1e1e73f430c7355dc93a21833676204499e6853554219197f994df4b77b9547c5d0fa8ee67c1157e08a5101f8d2db56a6ac398bfd5a20637e7e
- SSDEEP
  
  12288:UjYxnjXcBIlezoQy41hY1eOuQxb64XpyUJM64eMr4JlMxx8Q484xvVAc+IFBNp:UUpcBSf4IeOlbrooi4JluqMQl
Score

10^/10

qakbot bb28 1684145503 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2