qakbot | 1267da257994e424d5a3c7c431898ec2c7c748b354f231ebb07e5e4ccaa0eafc

General

Target

1267da257994e424d5a3c7c431898ec2c7c748b354f231ebb07e5e4ccaa0eafc
Size

314KB
Sample

240222-makr8sgb83
MD5

30a2fde7780e4928490777897af72057
SHA1

a6755dbc251fddb523e1d8762040108aa5198f8e
SHA256

1267da257994e424d5a3c7c431898ec2c7c748b354f231ebb07e5e4ccaa0eafc
SHA512

89da2592e70ba74a7e96f213dfa13c67085cd03cd2e763e404338d174d09de2e7dafce77c663056e9cf3a966e527bcb8fc20a2a8e8dd0ac316c9dc95b08e9be0
SSDEEP

6144:VXMURcNLpyXU9W5rulKJQ8n7fgK3RnHV2HoS:BN2NNyXUXM7fgK3RnHV2HoS

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.1001

Botnet

BB24

Campaign

1681985211

C2

12.172.173.82:20

187.199.85.154:32103

96.56.197.26:2078

197.1.229.119:443

90.104.151.37:2222

90.55.106.37:2222

92.186.69.229:2222

92.136.62.50:2222

70.112.206.5:443

77.126.185.173:443

96.56.197.26:2083

89.36.206.220:995

93.150.183.229:2222

45.246.235.177:995

92.9.45.20:2222

92.154.17.149:2222

88.126.94.4:50000

176.202.45.209:443

91.35.212.133:995

12.172.173.82:50001

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  1267da257994e424d5a3c7c431898ec2c7c748b354f231ebb07e5e4ccaa0eafc
- Size
  
  314KB
- MD5
  
  30a2fde7780e4928490777897af72057
- SHA1
  
  a6755dbc251fddb523e1d8762040108aa5198f8e
- SHA256
  
  1267da257994e424d5a3c7c431898ec2c7c748b354f231ebb07e5e4ccaa0eafc
- SHA512
  
  89da2592e70ba74a7e96f213dfa13c67085cd03cd2e763e404338d174d09de2e7dafce77c663056e9cf3a966e527bcb8fc20a2a8e8dd0ac316c9dc95b08e9be0
- SSDEEP
  
  6144:VXMURcNLpyXU9W5rulKJQ8n7fgK3RnHV2HoS:BN2NNyXUXM7fgK3RnHV2HoS
Score

10^/10

upx qakbot bb24 1681985211 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2