qakbot | 3d49f30ed4cef3d532cbc73d99560d7c81db4928e8e2e81d2c83ef09196f17c1

General

Target

Volet2.ocx
Size

807KB
Sample

250114-ry87yszrey
MD5

70ea022ce20cc54eca56b4ef9b49fcb4
SHA1

d58e7bcf9c7949b8ddaf9129a9504202094b48a3
SHA256

3d49f30ed4cef3d532cbc73d99560d7c81db4928e8e2e81d2c83ef09196f17c1
SHA512

4ae829fc2976bade3f3f49144cf7d19d547c3a9936b32fcb4178cd557595d1b7dc9127c878c4502871b272dd6a75335d387accad73115c7a132c10c81143553a
SSDEEP

12288:1o7uuAIEsufrP3FwsmlBdiwW/jJc61gOHGJQ8DgrCrhxEmLl3JQ8DgrCrhxEmLlq:83Lxu73FPv/uGmZgryhxEm/ZgryhxEm

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.2

Botnet

obama139

Campaign

1638350683

C2

190.73.3.148:2222

39.49.13.81:995

105.198.236.99:995

136.143.11.232:443

2.222.167.138:443

197.89.11.160:443

117.248.109.38:21

174.20.72.123:443

140.82.49.12:443

78.180.170.159:995

103.142.10.177:443

120.150.218.241:995

91.178.126.51:995

81.250.153.227:2222

194.36.28.26:443

89.101.97.139:443

117.198.158.34:443

189.252.184.31:32101

38.70.253.226:2222

93.48.80.198:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  Volet2.ocx
- Size
  
  807KB
- MD5
  
  70ea022ce20cc54eca56b4ef9b49fcb4
- SHA1
  
  d58e7bcf9c7949b8ddaf9129a9504202094b48a3
- SHA256
  
  3d49f30ed4cef3d532cbc73d99560d7c81db4928e8e2e81d2c83ef09196f17c1
- SHA512
  
  4ae829fc2976bade3f3f49144cf7d19d547c3a9936b32fcb4178cd557595d1b7dc9127c878c4502871b272dd6a75335d387accad73115c7a132c10c81143553a
- SSDEEP
  
  12288:1o7uuAIEsufrP3FwsmlBdiwW/jJc61gOHGJQ8DgrCrhxEmLl3JQ8DgrCrhxEmLlq:83Lxu73FPv/uGmZgryhxEm/ZgryhxEm
Score

10^/10

qakbot obama139 1638350683 banker discovery stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Qakbot family

Qakbot/Qbot

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2