qakbot | 161a19d18bc0e811244d95ba0f19bd860b411f4cac4bfa366be564f3b1b625c9 | Triage

Sharing

General

Target

44484.7372094907.dat
Size

905KB
Sample

211015-sef8habba4
MD5

7da25a472d5d7a3e5bf7adc43db9326a
SHA1

ae9c68378df4cf14ae149d1a8e77c14366e62859
SHA256

161a19d18bc0e811244d95ba0f19bd860b411f4cac4bfa366be564f3b1b625c9
SHA512

237e449061176161d98517bb784d28ee5afb979750bbc08e7f7de42b4833b169fd3666cb466e17f4ce7df1d61ebba801ee20216a697d33cfbdf30f056f5fd4db

Score

10^/10

qakbot obama116 1634289383 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama116

Campaign

1634289383

C2

41.228.22.180:443

188.55.249.239:995

120.150.218.241:995

37.117.191.19:2222

68.204.7.158:443

81.241.252.59:2078

196.207.140.40:995

174.54.193.186:443

63.143.92.99:995

197.89.144.200:443

86.220.112.26:2222

73.52.50.32:443

103.82.211.39:465

146.66.238.74:443

167.248.117.81:443

2.222.167.138:443

181.118.183.94:443

103.82.211.39:995

78.179.137.102:995

89.137.52.44:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  44484.7372094907.dat
- Size
  
  905KB
- MD5
  
  7da25a472d5d7a3e5bf7adc43db9326a
- SHA1
  
  ae9c68378df4cf14ae149d1a8e77c14366e62859
- SHA256
  
  161a19d18bc0e811244d95ba0f19bd860b411f4cac4bfa366be564f3b1b625c9
- SHA512
  
  237e449061176161d98517bb784d28ee5afb979750bbc08e7f7de42b4833b169fd3666cb466e17f4ce7df1d61ebba801ee20216a697d33cfbdf30f056f5fd4db
Score

10^/10

qakbot obama116 1634289383 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotobama1161634289383bankerevasionstealertrojan

behavioral2

qakbotobama1161634289383bankerstealertrojan