qakbot | 0187c57094a61d34fd6d7fb93fe6d826e5d7f0490378c664c41c30deb3f761bf

General

Target

c8a6fddaae6139af6ebaae08e9f1d59b
Size

1.0MB
Sample

210614-mqf7qc9mr2
MD5

c8a6fddaae6139af6ebaae08e9f1d59b
SHA1

197519904b6f1fcb63d86d8746cefee499c0a811
SHA256

0187c57094a61d34fd6d7fb93fe6d826e5d7f0490378c664c41c30deb3f761bf
SHA512

f24258b3a7b33d08f5f37393a9eefc2ab43aa3c8d4465b47520b5592d0a3b95945cfbfcfd56121e23814af246b37e172322ecb3187ca0168e0f3b63e4b2a1461

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.68

Botnet

obama59

Campaign

1623398674

C2

105.198.236.101:443

136.232.34.70:443

45.32.211.207:995

45.32.211.207:2222

149.28.99.97:995

45.63.107.192:2222

207.246.77.75:995

149.28.99.97:443

149.28.99.97:2222

45.32.211.207:443

45.32.211.207:8443

45.63.107.192:995

45.63.107.192:443

149.28.98.196:2222

149.28.98.196:995

149.28.98.196:443

144.202.38.185:443

144.202.38.185:2222

144.202.38.185:995

149.28.101.90:443

Targets

- Target
  
  c8a6fddaae6139af6ebaae08e9f1d59b
- Size
  
  1.0MB
- MD5
  
  c8a6fddaae6139af6ebaae08e9f1d59b
- SHA1
  
  197519904b6f1fcb63d86d8746cefee499c0a811
- SHA256
  
  0187c57094a61d34fd6d7fb93fe6d826e5d7f0490378c664c41c30deb3f761bf
- SHA512
  
  f24258b3a7b33d08f5f37393a9eefc2ab43aa3c8d4465b47520b5592d0a3b95945cfbfcfd56121e23814af246b37e172322ecb3187ca0168e0f3b63e4b2a1461
Score

10^/10

qakbot obama59 1623398674 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2