qakbot | 9bb396b30891b28be08339c37ce6c249989f0e1c90a8755dc445c8417e6d0f27

General

Target

550000.dll
Size

230KB
Sample

210609-7vg6zarjhs
MD5

25984af48fa27ec36bd257f8478aa628
SHA1

a786fa7c5b9c71fff963581c1792f8a044262929
SHA256

9bb396b30891b28be08339c37ce6c249989f0e1c90a8755dc445c8417e6d0f27
SHA512

9de996ebbb2259c5b622d1bc00a6cb0f46766581e1fa3f18769b799daa7c76714b68c287ae995080355ba334ad9419c8facc57c9cdb5c2904e40bb62693d22d1

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.68

Botnet

obama53

Campaign

1622633996

C2

96.61.23.88:995

86.220.62.251:2222

71.74.12.34:443

75.67.192.125:443

24.152.219.253:995

105.198.236.101:443

24.179.77.236:443

47.22.148.6:443

92.59.35.196:2222

81.97.154.100:443

207.246.116.237:443

207.246.77.75:995

45.32.211.207:2222

45.77.115.208:443

149.28.98.196:443

45.77.115.208:2222

144.202.38.185:995

45.77.115.208:8443

207.246.77.75:8443

207.246.77.75:443

Targets

- Target
  
  550000.dll
- Size
  
  230KB
- MD5
  
  25984af48fa27ec36bd257f8478aa628
- SHA1
  
  a786fa7c5b9c71fff963581c1792f8a044262929
- SHA256
  
  9bb396b30891b28be08339c37ce6c249989f0e1c90a8755dc445c8417e6d0f27
- SHA512
  
  9de996ebbb2259c5b622d1bc00a6cb0f46766581e1fa3f18769b799daa7c76714b68c287ae995080355ba334ad9419c8facc57c9cdb5c2904e40bb62693d22d1
Score

10^/10

qakbot obama53 1622633996 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2