qakbot | e4c669aaa5e441eb95dc6baed3e93cc4bd018dd1a03013719283f12cf4322ed8

General

Target

0c1e121f1ea651cb7821c8513bda49e0_JaffaCakes118
Size

2.2MB
Sample

240501-sjyy4sbg79
MD5

0c1e121f1ea651cb7821c8513bda49e0
SHA1

23c934cb077fdeb2c8e28e4b7538e757f2bada4e
SHA256

e4c669aaa5e441eb95dc6baed3e93cc4bd018dd1a03013719283f12cf4322ed8
SHA512

1f15292173208507b9032ed3106d6dc4b2def17e94a321f9792a80aeaeda6524e19c47fc577d9fa5e6f4e97f79d5aa2548ab6d3a20d8845e3f2aa87fde7fd4fd
SSDEEP

49152:/vg4jQjV4dwSdWaLE5cUlSBuccoi+g9ESezNfSZX2VJc4+lEOpVzm:/vdQjVBSxLQcUlSBucziUzCQW/lEOK

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

323.91

Botnet

spx09

Campaign

1568796588

C2

76.72.79.230:6881

167.60.80.249:443

71.77.231.251:443

75.69.3.12:443

209.182.122.217:443

71.84.5.114:443

68.174.15.223:443

174.16.255.191:993

113.77.241.26:443

186.47.208.238:50000

173.16.78.208:443

64.19.74.29:995

71.30.56.170:443

162.244.224.166:443

189.160.203.223:443

73.202.121.222:443

75.56.175.129:995

66.91.141.62:443

181.197.195.138:995

50.96.150.242:995

Targets

- Target
  
  CO4472899025222158173.vbs
- Size
  
  4.3MB
- MD5
  
  613bd73ab6c277315f2023c249363bd7
- SHA1
  
  59719f854727ad73bc32e4e1b0ddc89b39161d98
- SHA256
  
  ddcb65af6a76fa4e328a6421ba1dface01627ec1e4b56795d81c58610c5f0868
- SHA512
  
  32fc2f50ef2b55042526563805dc8d98b5b43391762dccc66973ebffe3bd385f2447b6ab9c1a746433d4394ded4173e94c472ecf16fc96545efce3f79a3126eb
- SSDEEP
  
  49152:U9Sew9BkAzFpzVTQ3Bcts+6DReqKwHLDhRvOVUDnRZXL0Tu8mGURWsT2GbbWre3W:b
Score

10^/10

qakbot spx09 1568796588 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2