qakbot | bd09c02a8064de5f44d409eae767cfaa743c154edf967986f87ffb703467cf62

General

Target

a4d36466a9c1e7a7296c41fbff701c05
Size

736KB
Sample

210621-q1g6ysajce
MD5

a4d36466a9c1e7a7296c41fbff701c05
SHA1

651f3e7b5e3c03033da9e942ffc67fde1c1813bb
SHA256

bd09c02a8064de5f44d409eae767cfaa743c154edf967986f87ffb703467cf62
SHA512

8281399aec3656762c0829712d6d85c2d7b1fdcdb200cf38c5b3affb9fc1ee5e961e66716807041c01e2f7a0b350a3b2ea28646b4785936842d769e20e5a1bd2

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.115

Botnet

obama62

Campaign

1624268905

C2

184.185.103.157:443

24.179.77.236:443

71.41.184.10:3389

95.77.223.148:443

81.97.154.100:443

105.198.236.99:443

86.220.60.247:2222

197.45.110.165:995

149.28.98.196:2222

149.28.98.196:995

149.28.101.90:443

149.28.101.90:8443

149.28.99.97:2222

45.32.211.207:995

45.63.107.192:995

45.63.107.192:443

45.63.107.192:2222

45.32.211.207:2222

207.246.77.75:8443

45.32.211.207:8443

Targets

- Target
  
  a4d36466a9c1e7a7296c41fbff701c05
- Size
  
  736KB
- MD5
  
  a4d36466a9c1e7a7296c41fbff701c05
- SHA1
  
  651f3e7b5e3c03033da9e942ffc67fde1c1813bb
- SHA256
  
  bd09c02a8064de5f44d409eae767cfaa743c154edf967986f87ffb703467cf62
- SHA512
  
  8281399aec3656762c0829712d6d85c2d7b1fdcdb200cf38c5b3affb9fc1ee5e961e66716807041c01e2f7a0b350a3b2ea28646b4785936842d769e20e5a1bd2
Score

10^/10

qakbot obama62 1624268905 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2