qakbot | 0da8df441dc92d6719092aea1d3e9709e802aa87410279374d69626573fd3177

General

Target

0da8df441dc92d6719092aea1d3e9709e802aa87410279374d69626573fd3177
Size

962KB
Sample

240410-lh9wnaag37
MD5

0e1ef34baea2804ddfff00192798ae11
SHA1

4f0629ae035e20d6867dcc36623796da589196ef
SHA256

0da8df441dc92d6719092aea1d3e9709e802aa87410279374d69626573fd3177
SHA512

73d5b1063cb0dac908aafccb5bfbf686c229bc4069a30f511c4279663d660ab5f7eb0521387cc3b721a87dcda35eb40a2c1f0e20fc0371c427c55767a59cf0f2
SSDEEP

24576:WUOufZwcfSBT00hpXFfvWVhDb9kkVsVdp01bnggeeWDXDwH:x

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.573

Botnet

obama180

Campaign

1650959141

C2

2.50.4.57:443

85.246.82.244:443

121.7.223.59:2222

197.161.137.67:993

38.70.253.226:2222

47.23.89.62:993

172.114.160.81:443

75.99.168.194:443

82.152.39.39:443

108.60.213.141:443

148.64.96.100:443

167.86.191.84:443

187.207.47.198:61202

103.107.113.120:443

203.122.46.130:443

106.51.48.170:50001

47.23.89.62:995

140.82.49.12:443

102.65.38.74:443

103.246.242.202:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  0da8df441dc92d6719092aea1d3e9709e802aa87410279374d69626573fd3177
- Size
  
  962KB
- MD5
  
  0e1ef34baea2804ddfff00192798ae11
- SHA1
  
  4f0629ae035e20d6867dcc36623796da589196ef
- SHA256
  
  0da8df441dc92d6719092aea1d3e9709e802aa87410279374d69626573fd3177
- SHA512
  
  73d5b1063cb0dac908aafccb5bfbf686c229bc4069a30f511c4279663d660ab5f7eb0521387cc3b721a87dcda35eb40a2c1f0e20fc0371c427c55767a59cf0f2
- SSDEEP
  
  24576:WUOufZwcfSBT00hpXFfvWVhDb9kkVsVdp01bnggeeWDXDwH:x
Score

10^/10

qakbot obama180 1650959141 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2