qakbot | cef753eb16b367824aa5ec90a54b87c2578f615963ed0c3a1dec33a7327ab9a1 | Triage

Sharing

General

Target

2021-09-20-Qakbot-DLL-example-16.bin
Size

823KB
Sample

211001-q2p3tabhem
MD5

658d55a0402a2e11709ec863f96de60a
SHA1

16759dafd89e66d4aaaf1f8f700a24e971981ce1
SHA256

cef753eb16b367824aa5ec90a54b87c2578f615963ed0c3a1dec33a7327ab9a1
SHA512

93945a1fb0389c9afa848a65600d527c2c1911b78df438f5d9176537fdce345679e0da37ebbf64bb31f26685de0a19bca56cc55d7ec01c6209467b4c4dcd3bc3

Score

10^/10

qakbot obama100 1632151873 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.318

Botnet

obama100

Campaign

1632151873

C2

45.46.53.140:2222

144.139.47.206:443

189.210.115.207:443

120.150.218.241:995

47.22.148.6:443

140.82.49.12:443

24.139.72.117:443

24.229.150.54:995

24.55.112.61:443

136.232.34.70:443

95.77.223.148:443

173.21.10.71:2222

76.25.142.196:443

96.37.113.36:993

71.74.12.34:443

73.151.236.31:443

67.165.206.193:993

109.12.111.14:443

68.204.7.158:443

105.198.236.99:443

Targets

- Target
  
  2021-09-20-Qakbot-DLL-example-16.bin
- Size
  
  823KB
- MD5
  
  658d55a0402a2e11709ec863f96de60a
- SHA1
  
  16759dafd89e66d4aaaf1f8f700a24e971981ce1
- SHA256
  
  cef753eb16b367824aa5ec90a54b87c2578f615963ed0c3a1dec33a7327ab9a1
- SHA512
  
  93945a1fb0389c9afa848a65600d527c2c1911b78df438f5d9176537fdce345679e0da37ebbf64bb31f26685de0a19bca56cc55d7ec01c6209467b4c4dcd3bc3
Score

10^/10

qakbot obama100 1632151873 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotobama1001632151873bankerstealertrojan