qakbot | 41af67ae35a6f1aa2361e3e35ed02c78f6995067359a94c417488304f2744a63 | Triage

Resubmissions

15-10-2021 23:55

211015-3yd8csbfa6 10

Sharing

General

Target

Celod.wac
Size

825KB
Sample

211015-3yd8csbfa6
MD5

7b1fcee11e42920b6922baaf43e48585
SHA1

b2c3040aeff1b37771b6bf8633a42fb14af8a4fe
SHA256

41af67ae35a6f1aa2361e3e35ed02c78f6995067359a94c417488304f2744a63
SHA512

46fa6b323bf3a5a99680facbe4d93cd78e51aeb902559d1f624ee8d30daea247d78c885d702b1e654c039e8eb96d4d42c68cc5ffdd7a586c7a51168f878c3829

Score

10^/10

qakbot obama111 1633590450 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama111

Campaign

1633590450

C2

37.210.152.224:995

201.93.111.2:995

202.134.178.157:443

89.101.97.139:443

73.52.50.32:443

188.55.235.110:995

27.223.92.142:995

181.118.183.94:443

136.232.34.70:443

186.32.163.199:443

72.173.78.211:443

76.25.142.196:443

120.150.218.241:995

185.250.148.74:443

89.137.52.44:443

66.103.170.104:2222

188.50.169.158:443

174.54.193.186:443

103.148.120.144:443

140.82.49.12:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  Celod.wac
- Size
  
  825KB
- MD5
  
  7b1fcee11e42920b6922baaf43e48585
- SHA1
  
  b2c3040aeff1b37771b6bf8633a42fb14af8a4fe
- SHA256
  
  41af67ae35a6f1aa2361e3e35ed02c78f6995067359a94c417488304f2744a63
- SHA512
  
  46fa6b323bf3a5a99680facbe4d93cd78e51aeb902559d1f624ee8d30daea247d78c885d702b1e654c039e8eb96d4d42c68cc5ffdd7a586c7a51168f878c3829
Score

10^/10

qakbot obama111 1633590450 banker stealer trojan evasion
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotobama1111633590450bankerstealertrojan

behavioral2

qakbotobama1111633590450bankerevasionstealertrojan