qakbot | 90cd52a9005b6139c2fa84f9b139daff9c77be4dd38ecaf07f0f616612e7a205

General

Target

44364.4585763888.dat
Size

733KB
Sample

210617-3ytmqc2ymj
MD5

730dcbb3f3ea845066a1b9dbee946e72
SHA1

09d1199960b755b09cc78b82478678bc5baada20
SHA256

90cd52a9005b6139c2fa84f9b139daff9c77be4dd38ecaf07f0f616612e7a205
SHA512

1f5430a8c842eae222246a3c58be08b9d37b634a89bb610b135a41f5747add5f81270df9ca0be155f92837235565614356aff770afe179bbd991b6b544b2ad6a

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.115

Botnet

obama61

Campaign

1623917498

C2

86.220.60.247:2222

24.179.77.236:443

68.186.192.69:443

197.45.110.165:995

96.253.46.210:443

186.144.33.73:443

175.136.38.142:443

47.22.148.6:443

76.25.142.196:443

45.32.211.207:443

207.246.116.237:8443

45.77.115.208:443

45.77.115.208:995

149.28.101.90:2222

207.246.116.237:443

144.202.38.185:2222

149.28.101.90:995

207.246.77.75:443

207.246.77.75:995

207.246.77.75:2222

Targets

- Target
  
  44364.4585763888.dat
- Size
  
  733KB
- MD5
  
  730dcbb3f3ea845066a1b9dbee946e72
- SHA1
  
  09d1199960b755b09cc78b82478678bc5baada20
- SHA256
  
  90cd52a9005b6139c2fa84f9b139daff9c77be4dd38ecaf07f0f616612e7a205
- SHA512
  
  1f5430a8c842eae222246a3c58be08b9d37b634a89bb610b135a41f5747add5f81270df9ca0be155f92837235565614356aff770afe179bbd991b6b544b2ad6a
Score

10^/10

qakbot obama61 1623917498 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2