qakbot | 5ca65fc43b080d1b3167c71369d0062f7f12fc42d1181e81239d47f4ff1d7966

General

Target

44460.927246412[1].dat.0.7z
Size

265KB
Sample

210921-1kq9nadddp
MD5

364dff45312d763d9fff5aef5906ee37
SHA1

61a3d9133dd30e2f48ad436205e2bc3b05f112ab
SHA256

5ca65fc43b080d1b3167c71369d0062f7f12fc42d1181e81239d47f4ff1d7966
SHA512

ef4b4ce6041762ddb6e09c23b38b93ad6ad41e56a0e64734435b3ec66e09a27894c59125c6c44cd302ad26f0476732cfa8b0e9c4a72264773f9c694f72e233f2

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.318

Botnet

obama101

Campaign

1632228858

C2

47.22.148.6:443

24.55.112.61:443

140.82.49.12:443

24.139.72.117:443

136.232.34.70:443

24.229.150.54:995

71.74.12.34:443

73.151.236.31:443

120.150.218.241:995

105.198.236.99:443

76.25.142.196:443

45.46.53.140:2222

144.139.47.206:443

96.37.113.36:993

173.21.10.71:2222

67.165.206.193:993

189.210.115.207:443

109.12.111.14:443

68.204.7.158:443

95.77.223.148:443

Targets

- Target
  
  44460.927246412[1].dat.0.dr
- Size
  
  488KB
- MD5
  
  7f0b9d11c95a65e9e9f87b2341bb01ad
- SHA1
  
  93abbf5758c39672d69502690b5e4003a47f9e72
- SHA256
  
  4d3095c7965c7bdd32b81b72c95f767134915cf08ebe1237721ed5208de4beee
- SHA512
  
  eb81b291a55ab91dfaef4a64661b2325c594890ebbcb71b00d5029275c1b7ec43880d85737fceba3c0de1cd20ed94ffa7a9112424c3ef25fd0e21e586a329648
Score

10^/10

qakbot obama101 1632228858 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2