qakbot | 11a37b108a01f9c6bcb2bbf4f7cd72d407280b9f3d33c223cc67bc2c6656c012

General

Target

d17397b16b127f8e525f5b6acc121b1a
Size

797KB
Sample

210422-2a5jwm2qn2
MD5

d17397b16b127f8e525f5b6acc121b1a
SHA1

cdf9c51d9fa1f1fd1eb4f4e231f67bbc826ba6d6
SHA256

11a37b108a01f9c6bcb2bbf4f7cd72d407280b9f3d33c223cc67bc2c6656c012
SHA512

cd1a27726ee4d1982f3fb627315e65419f0b4bfe42bb3e3e2d83ae2193543787580fa9ba7e9b2bdf190975cc2172be39b7ba262a5b59b8db1d0459fc630caf32

Score

10^/10

Malware Config

Extracted

Family

qakbot

Botnet

obama32

Campaign

1618995682

C2

190.85.91.154:443

140.82.49.12:443

96.37.113.36:993

73.25.124.140:2222

71.41.184.10:3389

50.244.112.106:443

78.63.226.32:443

24.152.219.253:995

105.198.236.99:443

149.28.101.90:8443

149.28.101.90:443

149.28.101.90:2222

45.77.115.208:8443

207.246.77.75:8443

207.246.77.75:2222

207.246.116.237:2222

45.77.117.108:995

144.202.38.185:2222

207.246.77.75:995

207.246.77.75:443

Targets

- Target
  
  d17397b16b127f8e525f5b6acc121b1a
- Size
  
  797KB
- MD5
  
  d17397b16b127f8e525f5b6acc121b1a
- SHA1
  
  cdf9c51d9fa1f1fd1eb4f4e231f67bbc826ba6d6
- SHA256
  
  11a37b108a01f9c6bcb2bbf4f7cd72d407280b9f3d33c223cc67bc2c6656c012
- SHA512
  
  cd1a27726ee4d1982f3fb627315e65419f0b4bfe42bb3e3e2d83ae2193543787580fa9ba7e9b2bdf190975cc2172be39b7ba262a5b59b8db1d0459fc630caf32
Score

10^/10

qakbot obama32 1618995682 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2