qakbot | de27b46fa2d173f2999b99eded2746f66d44f79e9d8b6543fc9287c4646c9614

General

Target

1bd90f4888385286f3aa1788c2256e4a
Size

1.2MB
Sample

210608-cylxplzffa
MD5

1bd90f4888385286f3aa1788c2256e4a
SHA1

325dfaf053dae7ef044989a120738a18b7c10547
SHA256

de27b46fa2d173f2999b99eded2746f66d44f79e9d8b6543fc9287c4646c9614
SHA512

75ea4e1a91d5b9e5eb873974a13d5309ad03632c87d8c29fa28b4c095624177be4a70ff946cb1ab432d249e39e3fa2c29f131e0e05f7eec748e9f0dc84931d79

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.68

Botnet

obama57

Campaign

1623136472

C2

97.69.160.4:2222

75.67.192.125:443

86.220.62.251:2222

24.179.77.236:443

197.45.110.165:995

27.223.92.142:995

24.152.219.253:995

47.22.148.6:443

92.59.35.196:2222

136.232.34.70:443

188.26.91.212:443

149.28.101.90:2222

149.28.101.90:8443

207.246.77.75:995

45.77.115.208:2222

45.77.115.208:443

149.28.98.196:443

144.202.38.185:995

45.77.117.108:995

207.246.77.75:8443

Targets

- Target
  
  1bd90f4888385286f3aa1788c2256e4a
- Size
  
  1.2MB
- MD5
  
  1bd90f4888385286f3aa1788c2256e4a
- SHA1
  
  325dfaf053dae7ef044989a120738a18b7c10547
- SHA256
  
  de27b46fa2d173f2999b99eded2746f66d44f79e9d8b6543fc9287c4646c9614
- SHA512
  
  75ea4e1a91d5b9e5eb873974a13d5309ad03632c87d8c29fa28b4c095624177be4a70ff946cb1ab432d249e39e3fa2c29f131e0e05f7eec748e9f0dc84931d79
Score

10^/10

qakbot obama57 1623136472 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2