qakbot | a62009076fdd3089159cf06d4e5fecac4841ec41a4b15afba25ac419b9f81c2b

General

Target

a62009076fdd3089159cf06d4e5fecac4841ec41a4b15afba25ac419b9f81c2b
Size

950KB
Sample

240226-1xzrkahg6w
MD5

bde3f7d2e64d64ab37c438a8ed940040
SHA1

5d517917c448323fbcff9e89a0a4976fa8163e51
SHA256

a62009076fdd3089159cf06d4e5fecac4841ec41a4b15afba25ac419b9f81c2b
SHA512

450767f692d66f45c8e1c4da2f45917b00d47d1fe81aa29e8afc1a8299d5238a2e0df2d113f5d475fc096439935280ac8f8f3e7e2bfd8df716b55d161b8bb280
SSDEEP

24576:XkTptLPTzYt/9YIck3BCQpTSoFNMKD8W:0DQZJ3f7MKr

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.573

Botnet

obama177

Campaign

1650443077

C2

47.23.89.62:993

2.50.4.57:443

172.114.160.81:443

75.99.168.194:443

108.60.213.141:443

180.183.134.56:2222

190.73.3.148:2222

202.134.152.2:2222

84.241.8.23:32103

24.43.99.75:443

203.122.46.130:443

117.248.109.38:21

74.15.2.252:2222

1.161.67.235:995

103.116.178.85:995

38.70.253.226:2222

47.23.89.62:995

148.64.96.100:443

86.98.156.198:993

187.207.47.198:61202

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  a62009076fdd3089159cf06d4e5fecac4841ec41a4b15afba25ac419b9f81c2b
- Size
  
  950KB
- MD5
  
  bde3f7d2e64d64ab37c438a8ed940040
- SHA1
  
  5d517917c448323fbcff9e89a0a4976fa8163e51
- SHA256
  
  a62009076fdd3089159cf06d4e5fecac4841ec41a4b15afba25ac419b9f81c2b
- SHA512
  
  450767f692d66f45c8e1c4da2f45917b00d47d1fe81aa29e8afc1a8299d5238a2e0df2d113f5d475fc096439935280ac8f8f3e7e2bfd8df716b55d161b8bb280
- SSDEEP
  
  24576:XkTptLPTzYt/9YIck3BCQpTSoFNMKD8W:0DQZJ3f7MKr
Score

10^/10

qakbot obama177 1650443077 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2