qakbot | 56db54d07ba8515eeb767bac9ab4d51d285b8a22c5392f28235e11c10a71fe52

General

Target

tres_cleaned.bin
Size

125KB
Sample

220802-bstbjsdbf8
MD5

d7b36ee68a2b69d999b6a7364e6f356b
SHA1

48b9696d636a0d5404502346577d38c74a0d02b2
SHA256

56db54d07ba8515eeb767bac9ab4d51d285b8a22c5392f28235e11c10a71fe52
SHA512

806b153269734c33ecd3d709f8a624601de8d56b0ee72a00dbd08ee0e8b9565cb438740bfb23d7a68ca8ef8da4e0fa9482517e94964618c59f4a9ef48fd28fdd

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

403.688

Botnet

obama189

Campaign

1655107308

C2

91.177.173.10:995

117.248.109.38:21

182.191.92.203:995

39.52.38.164:995

217.165.84.253:993

84.241.8.23:32103

82.152.39.39:443

202.134.152.2:2222

122.118.131.132:995

120.150.218.241:995

222.169.71.98:2222

37.34.253.233:443

93.48.80.198:995

148.0.55.173:443

175.145.235.37:443

41.130.140.32:993

120.61.0.71:443

89.101.97.139:443

62.204.41.187:443

62.204.41.187:2222

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  tres_cleaned.bin
- Size
  
  125KB
- MD5
  
  d7b36ee68a2b69d999b6a7364e6f356b
- SHA1
  
  48b9696d636a0d5404502346577d38c74a0d02b2
- SHA256
  
  56db54d07ba8515eeb767bac9ab4d51d285b8a22c5392f28235e11c10a71fe52
- SHA512
  
  806b153269734c33ecd3d709f8a624601de8d56b0ee72a00dbd08ee0e8b9565cb438740bfb23d7a68ca8ef8da4e0fa9482517e94964618c59f4a9ef48fd28fdd
Score

10^/10

qakbot obama189 1655107308 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2