qakbot | 5b1e1d676004a005892c89c4ce542afaf9f92eca089562b9ddda4e7907d55c46 | Triage

Sharing

General

Target

5b1e1d676004a005892c89c4ce542afaf9f92eca089562b9ddda4e7907d55c46
Size

1.4MB
Sample

220609-xnp9zsfeb7
MD5

d2772ed977014f39bdfec9bed105c882
SHA1

c7f210811114b7178aa74d1124e898a4e2ad3afe
SHA256

5b1e1d676004a005892c89c4ce542afaf9f92eca089562b9ddda4e7907d55c46
SHA512

f072918941ccb802460d24e60cdd4ac7ad04d0cb46d1892205448eabbd57f030c0b22e1ed92ff0c409dcf8e1bfe2023d21ca79300dd2defca2560418753fc33f

Score

10^/10

qakbot obama186 1654596660 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.694

Botnet

obama186

Campaign

1654596660

C2

67.165.206.193:993

63.143.92.99:995

74.14.5.179:2222

182.191.92.203:995

197.89.8.51:443

89.101.97.139:443

86.97.9.190:443

124.40.244.115:2222

80.11.74.81:2222

41.215.153.104:995

179.100.20.32:32101

31.35.28.29:443

202.134.152.2:2222

109.12.111.14:443

93.48.80.198:995

120.150.218.241:995

41.38.167.179:995

177.94.57.126:32101

173.174.216.62:443

1.161.101.20:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  5b1e1d676004a005892c89c4ce542afaf9f92eca089562b9ddda4e7907d55c46
- Size
  
  1.4MB
- MD5
  
  d2772ed977014f39bdfec9bed105c882
- SHA1
  
  c7f210811114b7178aa74d1124e898a4e2ad3afe
- SHA256
  
  5b1e1d676004a005892c89c4ce542afaf9f92eca089562b9ddda4e7907d55c46
- SHA512
  
  f072918941ccb802460d24e60cdd4ac7ad04d0cb46d1892205448eabbd57f030c0b22e1ed92ff0c409dcf8e1bfe2023d21ca79300dd2defca2560418753fc33f
Score

10^/10

qakbot obama186 1654596660 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotobama1861654596660bankerevasionstealertrojan

behavioral2

qakbotobama1861654596660bankerstealertrojan