qakbot | 39201aefa0aa3beedacc9f5bbbf53869562271878f371aee22d96745d68ac46e

General

Target

Broy.dll
Size

1.0MB
Sample

210614-scp7k59dne
MD5

0ece5e28292ab6df7ff1124fdbe3ff9c
SHA1

1558e924f43789970ebef9b30e5e6e72d09836b2
SHA256

39201aefa0aa3beedacc9f5bbbf53869562271878f371aee22d96745d68ac46e
SHA512

80480b1d4d2096ecfd71c51a5f3d5b8951038ca3f9a33a50dbe46d3455bb83faed319485a825bf2ff290a4b32ff9b59260119aac24458b74a206012495383abd

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.68

Botnet

obama59

Campaign

1623398674

C2

105.198.236.101:443

136.232.34.70:443

45.32.211.207:995

45.32.211.207:2222

149.28.99.97:995

45.63.107.192:2222

207.246.77.75:995

149.28.99.97:443

149.28.99.97:2222

45.32.211.207:443

45.32.211.207:8443

45.63.107.192:995

45.63.107.192:443

149.28.98.196:2222

149.28.98.196:995

149.28.98.196:443

144.202.38.185:443

144.202.38.185:2222

144.202.38.185:995

149.28.101.90:443

Targets

- Target
  
  Broy.dll
- Size
  
  1.0MB
- MD5
  
  0ece5e28292ab6df7ff1124fdbe3ff9c
- SHA1
  
  1558e924f43789970ebef9b30e5e6e72d09836b2
- SHA256
  
  39201aefa0aa3beedacc9f5bbbf53869562271878f371aee22d96745d68ac46e
- SHA512
  
  80480b1d4d2096ecfd71c51a5f3d5b8951038ca3f9a33a50dbe46d3455bb83faed319485a825bf2ff290a4b32ff9b59260119aac24458b74a206012495383abd
Score

10^/10

qakbot obama59 1623398674 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2