qakbot | 730d5275c8d2b6816d5bfea8a5ae38c12c02889564108190dbc1de54ee8af5fc

General

Target

44363.9280641204.dat
Size

893KB
Sample

210616-mr7r5yedh6
MD5

7db931807b1bff8435dbd8c0c28d5c95
SHA1

8152183ce29f1d7cdff00ce869ce3de5a31d3fe3
SHA256

730d5275c8d2b6816d5bfea8a5ae38c12c02889564108190dbc1de54ee8af5fc
SHA512

c6bd98eb92a3270e06ac38951e19bcdc8b0e794d7c04d48ca6ab340699e3a0340321436244763aff8ffd1a0f2b2a2df56b1c0f4b731e047d22fb04f3884da309

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.115

Botnet

obama60

Campaign

1623861943

C2

90.65.234.26:2222

75.137.47.174:443

24.55.112.61:443

24.229.150.54:995

86.220.60.247:2222

184.185.103.157:443

24.139.72.117:443

71.41.184.10:3389

98.192.185.86:443

188.26.180.140:443

75.118.1.141:443

109.12.111.14:443

98.252.118.134:443

24.179.77.236:443

96.253.46.210:443

189.210.115.207:443

186.144.33.73:443

213.122.113.120:443

47.22.148.6:443

72.252.201.69:443

Targets

- Target
  
  44363.9280641204.dat
- Size
  
  893KB
- MD5
  
  7db931807b1bff8435dbd8c0c28d5c95
- SHA1
  
  8152183ce29f1d7cdff00ce869ce3de5a31d3fe3
- SHA256
  
  730d5275c8d2b6816d5bfea8a5ae38c12c02889564108190dbc1de54ee8af5fc
- SHA512
  
  c6bd98eb92a3270e06ac38951e19bcdc8b0e794d7c04d48ca6ab340699e3a0340321436244763aff8ffd1a0f2b2a2df56b1c0f4b731e047d22fb04f3884da309
Score

10^/10

qakbot obama60 1623861943 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2