qakbot | 1cc6797a4c88b20ab0be93234d2b3cfe0fb1552bb7ff825085c18b43930a15eb

General

Target

3020000.dll
Size

230KB
Sample

210609-l1ch869pas
MD5

c1849c1ee3b8146c6fb836dae0b64652
SHA1

2d51da5b5b7861d3068daab932d5fbf07586d3fc
SHA256

1cc6797a4c88b20ab0be93234d2b3cfe0fb1552bb7ff825085c18b43930a15eb
SHA512

837e671673508cae89f813fdc90396f417b73ff137ba3dd038e45473302009f8f7e011f81cc4291611f3855ff5c18058ffdd1719175f85b130ef968a37b6d93a

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.68

Botnet

obama57

Campaign

1623136472

C2

97.69.160.4:2222

75.67.192.125:443

86.220.62.251:2222

24.179.77.236:443

197.45.110.165:995

27.223.92.142:995

24.152.219.253:995

47.22.148.6:443

92.59.35.196:2222

136.232.34.70:443

188.26.91.212:443

149.28.101.90:2222

149.28.101.90:8443

207.246.77.75:995

45.77.115.208:2222

45.77.115.208:443

149.28.98.196:443

144.202.38.185:995

45.77.117.108:995

207.246.77.75:8443

Targets

- Target
  
  3020000.dll
- Size
  
  230KB
- MD5
  
  c1849c1ee3b8146c6fb836dae0b64652
- SHA1
  
  2d51da5b5b7861d3068daab932d5fbf07586d3fc
- SHA256
  
  1cc6797a4c88b20ab0be93234d2b3cfe0fb1552bb7ff825085c18b43930a15eb
- SHA512
  
  837e671673508cae89f813fdc90396f417b73ff137ba3dd038e45473302009f8f7e011f81cc4291611f3855ff5c18058ffdd1719175f85b130ef968a37b6d93a
Score

10^/10

qakbot obama57 1623136472 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2