qakbot | 6a26b812c8b55242794b25a6648bfcc11c82bbe84efce2a3385283f2ef2d2312

General

Target

799b7a01e7941fa8baf90b3bc4c6397ca2974429b835949540b0b88162f4fc81.zip
Size

342KB
Sample

240302-xxj5bsgc2y
MD5

43aec3792b3670517a60f06e1a35d883
SHA1

f01930a8d85223957074809fe3551de45afa7eed
SHA256

6a26b812c8b55242794b25a6648bfcc11c82bbe84efce2a3385283f2ef2d2312
SHA512

8f07f76dcebc922b72b74b835daac0556afe7f0a91071804b2ef103048082b1c8a92b3b493dd511bf74506b690d7805931919da0231c8ba16265b57f586a3ec6
SSDEEP

6144:lRZUzR+4v02h7uab/SKhqmwLU9MildbcY1XuR05pO9/RPQBQMMt/wqmVaP:lrW+uM26uq7Tild44+R0+/aQMWYqsaP

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

obama207

Campaign

1664363417

C2

217.165.146.158:993

41.97.179.58:443

86.132.13.49:2078

197.203.50.195:443

85.245.143.94:443

86.196.181.62:2222

102.190.190.242:995

105.184.133.198:995

179.111.23.186:32101

179.251.119.206:995

84.3.85.30:443

39.44.5.104:995

197.41.235.69:995

193.3.19.137:443

186.81.122.168:443

103.173.121.17:443

41.104.80.233:443

102.189.184.12:995

156.199.90.139:443

14.168.180.223:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  799b7a01e7941fa8baf90b3bc4c6397ca2974429b835949540b0b88162f4fc81.dll
- Size
  
  695KB
- MD5
  
  7f848e8045da39b62f447cfefcfbc4d0
- SHA1
  
  19434176868e295ae703d60e61751d9f755831bd
- SHA256
  
  799b7a01e7941fa8baf90b3bc4c6397ca2974429b835949540b0b88162f4fc81
- SHA512
  
  a98f36849b10d34a67dddb6e604385ddb8759cbe31027a5da4d53267289b0e43cc53f05b2e54ec4309bbd2dcb7ba86ef0fa1cde2bb5dc23ebd61db10cb96c6a8
- SSDEEP
  
  12288:nieL1vc1PdFjpmw5qS6xnGWPE/N285UT+QD1lNMA:i81IFnqnPEl5w9M
Score

10^/10

qakbot obama207 1664363417 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2