qakbot | b4f2abd0340b23c7090fe6b026cbaa978bd0a65612c54fa618dcaf09fd1d706a

General

Target

Drezd.red
Size

750KB
Sample

210928-qdl19acae6
MD5

0628003dfb8253c602379a7da67b8618
SHA1

0a183c5c992c32d492fdf45bab0e9be002e9543e
SHA256

b4f2abd0340b23c7090fe6b026cbaa978bd0a65612c54fa618dcaf09fd1d706a
SHA512

b816f450ed81ad758699d88336689418d3ba320e17ad9c2f3d3554cd54b6577af6386e079d6d6af39873e8f7ea3cf28b1b695a67b29bbfda63e94a0ccd0a1677

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama105

Campaign

1632821932

C2

120.151.47.189:443

41.228.22.180:443

39.52.241.3:995

199.27.127.129:443

216.201.162.158:443

136.232.34.70:443

196.217.156.63:995

120.150.218.241:995

95.77.223.148:443

185.250.148.74:443

181.118.183.94:443

105.198.236.99:443

140.82.49.12:443

37.210.152.224:995

89.101.97.139:443

81.241.252.59:2078

27.223.92.142:995

81.250.153.227:2222

73.151.236.31:443

47.22.148.6:443

Targets

- Target
  
  Drezd.red
- Size
  
  750KB
- MD5
  
  0628003dfb8253c602379a7da67b8618
- SHA1
  
  0a183c5c992c32d492fdf45bab0e9be002e9543e
- SHA256
  
  b4f2abd0340b23c7090fe6b026cbaa978bd0a65612c54fa618dcaf09fd1d706a
- SHA512
  
  b816f450ed81ad758699d88336689418d3ba320e17ad9c2f3d3554cd54b6577af6386e079d6d6af39873e8f7ea3cf28b1b695a67b29bbfda63e94a0ccd0a1677
Score

10^/10

qakbot obama105 1632821932 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2