qakbot | 8fc0f803beb1a3c3bde04002a0a75868cf82ae0b5509da1724d9c342397c2540 | Triage

Sharing

General

Target

local.dll
Size

843KB
Sample

220610-fjl84acbf3
MD5

50b13384387bdd3b6bb05a81a8a1822b
SHA1

3fcdf30622a4f9e81ef1c72cd3a000c6cf1c2ea0
SHA256

8fc0f803beb1a3c3bde04002a0a75868cf82ae0b5509da1724d9c342397c2540
SHA512

51abbb8913c1ac4233e82901230315bffb8af6a3e591a919f51f4a07ce57936329962125baa16f6dc916c98298513a8ea15554c81b47135588583d618ad33748

Score

10^/10

qakbot obama187 1654695312 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.688

Botnet

obama187

Campaign

1654695312

C2

197.164.182.46:993

70.51.135.90:2222

187.251.132.144:22

37.186.54.254:995

80.11.74.81:2222

41.84.236.245:995

24.139.72.117:443

177.94.57.126:32101

37.34.253.233:443

186.90.153.162:2222

32.221.224.140:995

208.107.221.224:443

67.165.206.193:993

63.143.92.99:995

88.232.220.207:443

189.78.107.163:32101

74.14.5.179:2222

148.0.56.63:443

40.134.246.185:995

173.21.10.71:2222

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  local.dll
- Size
  
  843KB
- MD5
  
  50b13384387bdd3b6bb05a81a8a1822b
- SHA1
  
  3fcdf30622a4f9e81ef1c72cd3a000c6cf1c2ea0
- SHA256
  
  8fc0f803beb1a3c3bde04002a0a75868cf82ae0b5509da1724d9c342397c2540
- SHA512
  
  51abbb8913c1ac4233e82901230315bffb8af6a3e591a919f51f4a07ce57936329962125baa16f6dc916c98298513a8ea15554c81b47135588583d618ad33748
Score

10^/10

qakbot obama187 1654695312 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotobama1871654695312bankerevasionstealertrojan

behavioral2

qakbotobama1871654695312bankerstealertrojan