qakbot | 4d3095c7965c7bdd32b81b72c95f767134915cf08ebe1237721ed5208de4beee

General

Target

44460.7129849537.dat
Size

488KB
Sample

210921-slxh3acefn
MD5

7f0b9d11c95a65e9e9f87b2341bb01ad
SHA1

93abbf5758c39672d69502690b5e4003a47f9e72
SHA256

4d3095c7965c7bdd32b81b72c95f767134915cf08ebe1237721ed5208de4beee
SHA512

eb81b291a55ab91dfaef4a64661b2325c594890ebbcb71b00d5029275c1b7ec43880d85737fceba3c0de1cd20ed94ffa7a9112424c3ef25fd0e21e586a329648

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.318

Botnet

obama101

Campaign

1632228858

C2

47.22.148.6:443

24.55.112.61:443

140.82.49.12:443

24.139.72.117:443

136.232.34.70:443

24.229.150.54:995

71.74.12.34:443

73.151.236.31:443

120.150.218.241:995

105.198.236.99:443

76.25.142.196:443

45.46.53.140:2222

144.139.47.206:443

96.37.113.36:993

173.21.10.71:2222

67.165.206.193:993

189.210.115.207:443

109.12.111.14:443

68.204.7.158:443

95.77.223.148:443

Targets

- Target
  
  44460.7129849537.dat
- Size
  
  488KB
- MD5
  
  7f0b9d11c95a65e9e9f87b2341bb01ad
- SHA1
  
  93abbf5758c39672d69502690b5e4003a47f9e72
- SHA256
  
  4d3095c7965c7bdd32b81b72c95f767134915cf08ebe1237721ed5208de4beee
- SHA512
  
  eb81b291a55ab91dfaef4a64661b2325c594890ebbcb71b00d5029275c1b7ec43880d85737fceba3c0de1cd20ed94ffa7a9112424c3ef25fd0e21e586a329648
Score

10^/10

qakbot obama101 1632228858 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2