qakbot | 7ca94f5975a02a4dc3cfe92b40e266a2a3f38639ff71e20e09e8d0343b6a5ecb

General

Target

cd9bba2a50ea2b09b6e7d07c584c799f.dll
Size

1.0MB
Sample

210428-stegpbrtds
MD5

cd9bba2a50ea2b09b6e7d07c584c799f
SHA1

e637a485e898bd9dbf8932ac3c829e971c334c24
SHA256

7ca94f5975a02a4dc3cfe92b40e266a2a3f38639ff71e20e09e8d0343b6a5ecb
SHA512

512e1be192da6167c3276a044c2a04a62ad2911225bbb163fd32dbdd1a47ad39570fff00f77b203f872286a620609e1a439657bee6edfacaa95ffc210813e9fc

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.12

Botnet

obama35

Campaign

1619617557

C2

24.117.107.120:443

75.137.47.174:443

105.198.236.101:443

81.97.154.100:443

216.201.162.158:443

71.187.170.235:443

47.196.192.184:443

136.232.34.70:443

47.22.148.6:443

75.67.192.125:443

24.229.150.54:995

172.78.40.61:443

144.139.47.206:443

71.163.222.243:443

45.63.107.192:995

24.226.156.153:443

190.85.91.154:443

71.41.184.10:3389

140.82.49.12:443

73.25.124.140:2222

Targets

- Target
  
  cd9bba2a50ea2b09b6e7d07c584c799f.dll
- Size
  
  1.0MB
- MD5
  
  cd9bba2a50ea2b09b6e7d07c584c799f
- SHA1
  
  e637a485e898bd9dbf8932ac3c829e971c334c24
- SHA256
  
  7ca94f5975a02a4dc3cfe92b40e266a2a3f38639ff71e20e09e8d0343b6a5ecb
- SHA512
  
  512e1be192da6167c3276a044c2a04a62ad2911225bbb163fd32dbdd1a47ad39570fff00f77b203f872286a620609e1a439657bee6edfacaa95ffc210813e9fc
Score

10^/10

qakbot obama35 1619617557 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2