qakbot | 7c7c126c5f700cf82fdb3cf2cd51825dac60a6db2e22d4c5054ec7753ddb78f3

General

Target

44355.1293328704.dat
Size

1011KB
Sample

210608-lrwbecypla
MD5

e645b422c302ace5e3b49397ba8cddbb
SHA1

e84466bc472e85ae89655261615a09df49baf8e9
SHA256

7c7c126c5f700cf82fdb3cf2cd51825dac60a6db2e22d4c5054ec7753ddb78f3
SHA512

223a194c96b6183400c48a6868862773dee675e8e3be06fede6018910c777742eeb464be9ced475d1fe2a84d8fdc19e7ab13c1d3883150aab03358ef7aa6452a

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.68

Botnet

obama56

Campaign

1623057963

C2

83.110.109.189:2222

140.82.49.12:443

68.186.192.69:443

90.65.234.26:2222

190.85.91.154:443

81.97.154.100:443

86.220.62.251:2222

96.61.23.88:995

172.78.51.35:443

98.192.185.86:443

184.185.103.157:443

105.198.236.99:443

24.179.77.236:443

75.67.192.125:443

24.152.219.253:995

188.26.91.212:443

95.77.223.148:443

92.59.35.196:2222

47.22.148.6:443

149.28.98.196:443

Targets

- Target
  
  44355.1293328704.dat
- Size
  
  1011KB
- MD5
  
  e645b422c302ace5e3b49397ba8cddbb
- SHA1
  
  e84466bc472e85ae89655261615a09df49baf8e9
- SHA256
  
  7c7c126c5f700cf82fdb3cf2cd51825dac60a6db2e22d4c5054ec7753ddb78f3
- SHA512
  
  223a194c96b6183400c48a6868862773dee675e8e3be06fede6018910c777742eeb464be9ced475d1fe2a84d8fdc19e7ab13c1d3883150aab03358ef7aa6452a
Score

10^/10

qakbot obama56 1623057963 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2