qakbot | 91b2699d3ab9975d1c1648e46826114e85275df98757594561011576ad7d502b | Triage

Sharing

General

Target

91b2699d3ab9975d1c1648e46826114e85275df98757594561011576ad7d502b
Size

367KB
Sample

230129-wlcenshf5y
MD5

99fac0e2ce4cdb8050e840b62318d6f1
SHA1

f690c8ac8ba4fc9d8edf9e45d3c1f82fe034e40c
SHA256

91b2699d3ab9975d1c1648e46826114e85275df98757594561011576ad7d502b
SHA512

e17cafe8183ee246a975b128ab811c1165e80dfde43fea86f47a58991a0198e1147e6152d131f4d793ff992d41b06ec0ff3f6f9457f29be0b2b324d7880176fc
SSDEEP

6144:IY75ZesN73wU7HuAmHKmlEwrPmRPWEpWFn2E6lyDntvhhOU35RJy:IqfTVByqTwr03pdf8vhhOKJy

Score

10^/10

qakbot obama07 1614243368 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

401.138

Botnet

obama07

Campaign

1614243368

C2

71.163.223.159:443

87.202.87.210:2222

98.192.185.86:443

78.180.179.136:443

115.133.243.6:443

140.82.49.12:443

2.7.116.188:2222

83.110.11.244:2222

187.250.39.162:443

213.60.147.140:443

188.26.91.212:443

86.236.77.68:2222

172.87.157.235:3389

79.115.174.55:443

113.22.175.141:443

217.133.54.140:32100

83.110.109.106:2222

176.181.247.197:443

59.90.246.200:443

173.21.10.71:2222

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  91b2699d3ab9975d1c1648e46826114e85275df98757594561011576ad7d502b
- Size
  
  367KB
- MD5
  
  99fac0e2ce4cdb8050e840b62318d6f1
- SHA1
  
  f690c8ac8ba4fc9d8edf9e45d3c1f82fe034e40c
- SHA256
  
  91b2699d3ab9975d1c1648e46826114e85275df98757594561011576ad7d502b
- SHA512
  
  e17cafe8183ee246a975b128ab811c1165e80dfde43fea86f47a58991a0198e1147e6152d131f4d793ff992d41b06ec0ff3f6f9457f29be0b2b324d7880176fc
- SSDEEP
  
  6144:IY75ZesN73wU7HuAmHKmlEwrPmRPWEpWFn2E6lyDntvhhOU35RJy:IqfTVByqTwr03pdf8vhhOKJy
Score

10^/10

qakbot obama07 1614243368 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotobama071614243368bankerstealertrojan

behavioral2

qakbotobama071614243368bankerstealertrojan