qakbot | 9c3d3cd9b0fcb39117692600a7296b68dddf2995c6d302bc9d9c8b786780ba19 | Triage

Sharing

General

Target

qakbot_loader.dll
Size

1.0MB
Sample

221017-rrcv6sccbk
MD5

433893e5a6e12aed9ec0400812690147
SHA1

4b4ca66c1818d2e5ff9f4ea2afb136af2bd96564
SHA256

9c3d3cd9b0fcb39117692600a7296b68dddf2995c6d302bc9d9c8b786780ba19
SHA512

3782c98a4ee96566b19577e586177f0d637e44c55a9072113035980cbbe02e524f9c7c6c8e5d06ee05a6e3f0875c6f8800ac120f02dd596c2d8f43ca9c7da435
SSDEEP

12288:PhelIk3mnXCDHlvxIDmgiSbqtAghJwznk9x5n52oyPzm0PosefMyvgulSMyvguln:8KkMilvxqm2G2W92/zJPXy5Hy579

Score

10^/10

qakbot obama189 1655107308 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.688

Botnet

obama189

Campaign

1655107308

C2

91.177.173.10:995

117.248.109.38:21

182.191.92.203:995

39.52.38.164:995

217.165.84.253:993

84.241.8.23:32103

82.152.39.39:443

202.134.152.2:2222

122.118.131.132:995

120.150.218.241:995

222.169.71.98:2222

37.34.253.233:443

93.48.80.198:995

148.0.55.173:443

175.145.235.37:443

41.130.140.32:993

120.61.0.71:443

89.101.97.139:443

62.204.41.187:443

62.204.41.187:2222

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  qakbot_loader.dll
- Size
  
  1.0MB
- MD5
  
  433893e5a6e12aed9ec0400812690147
- SHA1
  
  4b4ca66c1818d2e5ff9f4ea2afb136af2bd96564
- SHA256
  
  9c3d3cd9b0fcb39117692600a7296b68dddf2995c6d302bc9d9c8b786780ba19
- SHA512
  
  3782c98a4ee96566b19577e586177f0d637e44c55a9072113035980cbbe02e524f9c7c6c8e5d06ee05a6e3f0875c6f8800ac120f02dd596c2d8f43ca9c7da435
- SSDEEP
  
  12288:PhelIk3mnXCDHlvxIDmgiSbqtAghJwznk9x5n52oyPzm0PosefMyvgulSMyvguln:8KkMilvxqm2G2W92/zJPXy5Hy579
Score

10^/10

qakbot obama189 1655107308 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotobama1891655107308bankerevasionstealertrojan

behavioral2

qakbotobama1891655107308bankerstealertrojan