qakbot | 4679f420f984b13caa7828091ff90cdd623d282f3a0e107af47ac500e5fa5964 | Triage

Sharing

General

Target

b279873e9649901a75047a8623ac0a01.zip
Size

174KB
Sample

210226-98yzxzxd32
MD5

a37f6c8872022149973ab2e45341c75e
SHA1

42a150bfd91655aab294f3c320b49ab8a5544e48
SHA256

4679f420f984b13caa7828091ff90cdd623d282f3a0e107af47ac500e5fa5964
SHA512

5921d2161ffcf8dd9e23c265ab0aac36babf210adedc946561ee74b3a9a65cebf94348d946a1210f5951017b6ae456c8358bc62eab1930b5f9e58f99dfd0768f

Score

10^/10

qakbot obama07 1614243368 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

obama07

Campaign

1614243368

C2

71.163.223.159:443

87.202.87.210:2222

98.192.185.86:443

78.180.179.136:443

115.133.243.6:443

140.82.49.12:443

2.7.116.188:2222

83.110.11.244:2222

187.250.39.162:443

213.60.147.140:443

188.26.91.212:443

86.236.77.68:2222

172.87.157.235:3389

79.115.174.55:443

113.22.175.141:443

217.133.54.140:32100

83.110.109.106:2222

176.181.247.197:443

59.90.246.200:443

173.21.10.71:2222

Targets

- Target
  
  b279873e9649901a75047a8623ac0a01
- Size
  
  367KB
- MD5
  
  b279873e9649901a75047a8623ac0a01
- SHA1
  
  1a2721ea0a7b32475017ccd8b50c5e746761818f
- SHA256
  
  eea7f39f575b4c65650f7b2a4c4b2bb966558559a584b51943ea04959f921be2
- SHA512
  
  b9d7e8ecd2ba2a9965e1b3177e7f449966d649b6e74879c80916548862b88760a99b446e501b3e1d9fae4126f70459442d6ceb2d262f865363d03c1823deb24d
Score

10^/10

qakbot obama07 1614243368 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotobama071614243368bankerstealertrojan

behavioral2

qakbotobama071614243368bankerstealertrojan