qakbot | 3f95c530e06f4e916609fd0de47f8236e52cd1d7ced2da91f85931472a88df14

General

Target

44356.5817364583.dat =^_^=
Size

1.3MB
Sample

210609-ygxa3kn1ms
MD5

0b3a69b646592beaae64369e3ebe8afa
SHA1

d2c7b41bb06966388a7321e6620507f050d726ca
SHA256

3f95c530e06f4e916609fd0de47f8236e52cd1d7ced2da91f85931472a88df14
SHA512

4443e65706b33d40054be51fe6b62f0d940ba70d0ccdeff8d697aa577b4310425854995d937d8602dd88720300a2d53e35b23df6ce6af97c43bd9813925a2f26

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.68

Botnet

obama58

Campaign

1623232673

C2

75.67.192.125:443

24.179.77.236:443

97.69.160.4:2222

24.152.219.253:995

47.22.148.6:443

92.59.35.196:2222

216.201.162.158:443

86.220.62.251:2222

105.198.236.99:443

136.232.34.70:443

81.97.154.100:443

81.214.126.173:2222

71.41.184.10:3389

76.25.142.196:443

83.110.108.43:2222

125.239.44.146:995

190.85.91.154:443

140.82.49.12:443

105.198.236.101:443

68.186.192.69:443

Targets

- Target
  
  44356.5817364583.dat =^_^=
- Size
  
  1.3MB
- MD5
  
  0b3a69b646592beaae64369e3ebe8afa
- SHA1
  
  d2c7b41bb06966388a7321e6620507f050d726ca
- SHA256
  
  3f95c530e06f4e916609fd0de47f8236e52cd1d7ced2da91f85931472a88df14
- SHA512
  
  4443e65706b33d40054be51fe6b62f0d940ba70d0ccdeff8d697aa577b4310425854995d937d8602dd88720300a2d53e35b23df6ce6af97c43bd9813925a2f26
Score

10^/10

qakbot obama58 1623232673 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2