qakbot | 44a9e4d93681d1db2df7a63a868513aa84ce0a9020b1e5a788f8d84f4f97f90d | Triage

Sharing

General

Target

68135BC9DB57763C8800A953D52989A6.bin
Size

1011KB
Sample

210608-15e325snpx
MD5

68135bc9db57763c8800a953d52989a6
SHA1

497e7c5538ee584a70d8b3ae485effd8e96df723
SHA256

44a9e4d93681d1db2df7a63a868513aa84ce0a9020b1e5a788f8d84f4f97f90d
SHA512

244074f1aa05273bcd1cb805605ae530e05fa67be2389d50a04e39ddb912aa31db04ac26f988596dcc6e4a464090d8debc2a62822635288b89165f04c7120217

Score

10^/10

qakbot obama56 1623057963 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.68

Botnet

obama56

Campaign

1623057963

C2

83.110.109.189:2222

140.82.49.12:443

68.186.192.69:443

90.65.234.26:2222

190.85.91.154:443

81.97.154.100:443

86.220.62.251:2222

96.61.23.88:995

172.78.51.35:443

98.192.185.86:443

184.185.103.157:443

105.198.236.99:443

24.179.77.236:443

75.67.192.125:443

24.152.219.253:995

188.26.91.212:443

95.77.223.148:443

92.59.35.196:2222

47.22.148.6:443

149.28.98.196:443

Targets

- Target
  
  68135BC9DB57763C8800A953D52989A6.bin
- Size
  
  1011KB
- MD5
  
  68135bc9db57763c8800a953d52989a6
- SHA1
  
  497e7c5538ee584a70d8b3ae485effd8e96df723
- SHA256
  
  44a9e4d93681d1db2df7a63a868513aa84ce0a9020b1e5a788f8d84f4f97f90d
- SHA512
  
  244074f1aa05273bcd1cb805605ae530e05fa67be2389d50a04e39ddb912aa31db04ac26f988596dcc6e4a464090d8debc2a62822635288b89165f04c7120217
Score

10^/10

qakbot obama56 1623057963 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Command-Line Interface

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotobama561623057963bankerstealertrojan

behavioral2

qakbotobama561623057963bankerstealertrojan