qakbot | 1e3162287dd50fd4d3b3f677b460b0dbef37f1cc19aa838214b48d0add8bd98d

General

Target

0df7b8c34f16b88c4d48aa210fa2a2c2
Size

1.0MB
Sample

210614-5e3z9vh83a
MD5

0df7b8c34f16b88c4d48aa210fa2a2c2
SHA1

ff6d7eb964608bcd6672f321b3d1369fce12eeb8
SHA256

1e3162287dd50fd4d3b3f677b460b0dbef37f1cc19aa838214b48d0add8bd98d
SHA512

0595cbb26524555eb542b6c1ab3d289dc50329bd392cb64a61aeb3ab4b9635e3ecd951c32441120988674dee9bd3eefa8e1f165cd10a761a2509d3a34a8adb1d

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.68

Botnet

obama59

Campaign

1623398674

C2

105.198.236.101:443

136.232.34.70:443

45.32.211.207:995

45.32.211.207:2222

149.28.99.97:995

45.63.107.192:2222

207.246.77.75:995

149.28.99.97:443

149.28.99.97:2222

45.32.211.207:443

45.32.211.207:8443

45.63.107.192:995

45.63.107.192:443

149.28.98.196:2222

149.28.98.196:995

149.28.98.196:443

144.202.38.185:443

144.202.38.185:2222

144.202.38.185:995

149.28.101.90:443

Targets

- Target
  
  0df7b8c34f16b88c4d48aa210fa2a2c2
- Size
  
  1.0MB
- MD5
  
  0df7b8c34f16b88c4d48aa210fa2a2c2
- SHA1
  
  ff6d7eb964608bcd6672f321b3d1369fce12eeb8
- SHA256
  
  1e3162287dd50fd4d3b3f677b460b0dbef37f1cc19aa838214b48d0add8bd98d
- SHA512
  
  0595cbb26524555eb542b6c1ab3d289dc50329bd392cb64a61aeb3ab4b9635e3ecd951c32441120988674dee9bd3eefa8e1f165cd10a761a2509d3a34a8adb1d
Score

10^/10

qakbot obama59 1623398674 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2