qakbot | 3a908f08980e39a5c28c3a4054d52a3e665bda9a40e933455dfbfb1d381ab615 | Triage

Sharing

General

Target

44488.7444002315.dat
Size

1.6MB
Sample

211019-slrb2shaar
MD5

0e18a845d89e72012291c7ab32c23690
SHA1

bc213bced327f24d1aecde5c940e6682033a093f
SHA256

3a908f08980e39a5c28c3a4054d52a3e665bda9a40e933455dfbfb1d381ab615
SHA512

606311833f08ed014e212b477aac2595ca0ad7df723ae369ceebe75273b08f8a961adf619793af31d82cc2072a1ca1939a3c265ba876e9cb0eb3ec53abc98be0

Score

10^/10

qakbot obama118 1634629572 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama118

Campaign

1634629572

C2

81.241.252.59:2078

78.105.213.151:995

77.57.204.78:443

37.210.155.239:995

93.48.58.123:2222

24.231.209.2:2222

146.66.238.74:443

65.100.174.110:443

140.82.49.12:443

187.75.66.160:995

41.86.42.158:995

120.150.218.241:995

73.151.236.31:443

81.250.153.227:2222

24.231.209.2:6881

174.54.193.186:443

136.232.34.70:443

76.25.142.196:443

78.191.38.33:995

117.215.227.142:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  44488.7444002315.dat
- Size
  
  1.6MB
- MD5
  
  0e18a845d89e72012291c7ab32c23690
- SHA1
  
  bc213bced327f24d1aecde5c940e6682033a093f
- SHA256
  
  3a908f08980e39a5c28c3a4054d52a3e665bda9a40e933455dfbfb1d381ab615
- SHA512
  
  606311833f08ed014e212b477aac2595ca0ad7df723ae369ceebe75273b08f8a961adf619793af31d82cc2072a1ca1939a3c265ba876e9cb0eb3ec53abc98be0
Score

10^/10

qakbot obama118 1634629572 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotobama1181634629572bankerevasionstealertrojan

behavioral2

qakbotobama1181634629572bankerevasionstealertrojan