qakbot | 81343a9be0c301685f76fa2185dc8b28c0e8aebdca6f23ba12a4412685e286f6 | Triage

Sharing

General

Target

50600999_420925.img
Size

2.6MB
Sample

220822-j69vfsgae3
MD5

5531d308f169eb4387f80202b68333a0
SHA1

bac447aa3281946bca9c501d8c18fcf2f5a1c0d1
SHA256

81343a9be0c301685f76fa2185dc8b28c0e8aebdca6f23ba12a4412685e286f6
SHA512

75ef718691db75eebc044590c499982acd1a83e9986eb0be15a951ed5ccc7401a58a5d7a146989977bb32180e4a2f0c44913b1adc54641e50a4bbb3d9b0e85ad
SSDEEP

24576:D80Ra7rJwVXWqZLSPZF5BQjaM+R4YENZrfrzfQ/D6CJ0:Dt8kRKZ29+I4/DLJ

Score

10^/10

qakbot obama186 1654596660 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.694

Botnet

obama186

Campaign

1654596660

C2

67.165.206.193:993

63.143.92.99:995

74.14.5.179:2222

182.191.92.203:995

197.89.8.51:443

89.101.97.139:443

86.97.9.190:443

124.40.244.115:2222

80.11.74.81:2222

41.215.153.104:995

179.100.20.32:32101

31.35.28.29:443

202.134.152.2:2222

109.12.111.14:443

93.48.80.198:995

120.150.218.241:995

41.38.167.179:995

177.94.57.126:32101

173.174.216.62:443

1.161.101.20:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  50600999_420925.img
- Size
  
  2.6MB
- MD5
  
  5531d308f169eb4387f80202b68333a0
- SHA1
  
  bac447aa3281946bca9c501d8c18fcf2f5a1c0d1
- SHA256
  
  81343a9be0c301685f76fa2185dc8b28c0e8aebdca6f23ba12a4412685e286f6
- SHA512
  
  75ef718691db75eebc044590c499982acd1a83e9986eb0be15a951ed5ccc7401a58a5d7a146989977bb32180e4a2f0c44913b1adc54641e50a4bbb3d9b0e85ad
- SSDEEP
  
  24576:D80Ra7rJwVXWqZLSPZF5BQjaM+R4YENZrfrzfQ/D6CJ0:Dt8kRKZ29+I4/DLJ
Score

10^/10

qakbot obama186 1654596660 banker stealer trojan evasion
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotobama1861654596660bankerstealertrojan

behavioral2

qakbotobama1861654596660bankerevasionstealertrojan