qakbot | f2f13079e7a3436d61d3556eb7d80da706d0a17be1267df8919516320ec20402

General

Target

43413.8349927083.dat
Size

329KB
Sample

210624-egehj2fgts
MD5

d4cf44b2ca86171c64e561e20a2c89a6
SHA1

6f22416eaab62b17a516638ae352d0992fd347d7
SHA256

f2f13079e7a3436d61d3556eb7d80da706d0a17be1267df8919516320ec20402
SHA512

2bb1254d3f413821462cb6ce300b3ed31e581f5ce07f0f8216a0efcd193b45ea5fc9944c389b7e61b8ad0097d18eb4a1666b982f20e7d75ea254d496c4610457

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.115

Botnet

obama63

Campaign

1624541602

C2

213.122.113.120:443

75.137.47.174:443

72.252.201.69:443

197.45.110.165:995

72.240.200.181:2222

151.205.102.42:443

149.28.101.90:8443

45.32.211.207:8443

149.28.99.97:995

45.32.211.207:2222

45.77.117.108:2222

207.246.77.75:8443

149.28.99.97:2222

186.144.33.73:443

149.28.98.196:995

45.63.107.192:995

45.63.107.192:443

149.28.101.90:443

149.28.98.196:2222

45.32.211.207:995

Targets

- Target
  
  43413.8349927083.dat
- Size
  
  329KB
- MD5
  
  d4cf44b2ca86171c64e561e20a2c89a6
- SHA1
  
  6f22416eaab62b17a516638ae352d0992fd347d7
- SHA256
  
  f2f13079e7a3436d61d3556eb7d80da706d0a17be1267df8919516320ec20402
- SHA512
  
  2bb1254d3f413821462cb6ce300b3ed31e581f5ce07f0f8216a0efcd193b45ea5fc9944c389b7e61b8ad0097d18eb4a1666b982f20e7d75ea254d496c4610457
Score

10^/10

qakbot obama63 1624541602 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2