qakbot | 26cd9d3e583890a3297847f87509bdaba621808ee2483d9c3f36ca3e82e14504 | Triage

Sharing

General

Target

44695.667952662.dat
Size

1.1MB
Sample

220514-ree5rsabf9
MD5

e6bc44a0ac68df325a284b7d204b6d5e
SHA1

a37279670123a6da46a64ceef9e6f504b7d166a9
SHA256

26cd9d3e583890a3297847f87509bdaba621808ee2483d9c3f36ca3e82e14504
SHA512

264aa5a460e4244c507581f9a20ff7272b8b2891741ed1e25c7484847b2699ac29122ed3adbf973e9eda2ef6beb75febe65dbf93a84561a11b48c98f335afbf5

Score

10^/10

qakbot obama183 1652433807 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.683

Botnet

obama183

Campaign

1652433807

C2

103.139.243.207:990

217.128.122.65:2222

40.134.246.185:995

172.114.160.81:995

186.90.153.162:2222

75.99.168.194:61201

124.40.244.118:2222

86.98.208.214:2222

2.34.12.8:443

46.107.48.202:443

46.103.186.43:995

103.246.242.202:443

76.70.9.169:2222

72.76.94.99:443

102.65.16.245:443

45.63.1.12:443

45.76.167.26:443

144.202.3.39:995

140.82.63.183:443

144.202.2.175:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  44695.667952662.dat
- Size
  
  1.1MB
- MD5
  
  e6bc44a0ac68df325a284b7d204b6d5e
- SHA1
  
  a37279670123a6da46a64ceef9e6f504b7d166a9
- SHA256
  
  26cd9d3e583890a3297847f87509bdaba621808ee2483d9c3f36ca3e82e14504
- SHA512
  
  264aa5a460e4244c507581f9a20ff7272b8b2891741ed1e25c7484847b2699ac29122ed3adbf973e9eda2ef6beb75febe65dbf93a84561a11b48c98f335afbf5
Score

10^/10

qakbot obama183 1652433807 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotobama1831652433807bankerevasionstealertrojan

behavioral2

qakbotobama1831652433807bankerevasionstealertrojan