qakbot | 34ff470f4cba09e0b70aeeaf97a385f06cac0fa060b95d792ddd85e365a7bc7f | Triage

Sharing

General

Target

34ff470f4cba09e0b70aeeaf97a385f06cac0fa060b95d792ddd85e365a7bc7f
Size

701KB
Sample

221125-j9ehqagh6v
MD5

a58ccdf01f393877497e315cde928f2d
SHA1

78ca46e3b2fa4338928ad06301f1768db8ff6d76
SHA256

34ff470f4cba09e0b70aeeaf97a385f06cac0fa060b95d792ddd85e365a7bc7f
SHA512

884a73f2afb38eea70bf2f51a98de1379b4a31a8ad87445993a6b28d0c5ea35621fe6f3ccceb545c6ae2ed97b8dc65f2f9cbddcd6931e855a4c02614e1bc98c5
SSDEEP

6144:0XESEPZbTSWraS0IMoNmL7x4SVISabPTeboxqoTkEbj5MItIl7I:NrrFNmLKSVIJbPT+4BiIuhI

Score

10^/10

qakbot obama01 1612782139 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

401.138

Botnet

obama01

Campaign

1612782139

C2

160.3.187.114:443

41.205.16.1:443

96.61.23.88:995

86.98.93.124:2078

2.232.253.79:995

81.88.254.62:443

197.45.110.165:995

27.223.92.142:995

80.11.173.82:8443

190.85.91.154:443

142.68.28.22:443

88.252.96.34:443

89.211.252.190:995

89.3.198.238:443

140.82.49.12:443

108.46.145.30:443

188.25.63.105:443

209.210.187.52:443

86.160.137.132:443

202.184.20.119:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  34ff470f4cba09e0b70aeeaf97a385f06cac0fa060b95d792ddd85e365a7bc7f
- Size
  
  701KB
- MD5
  
  a58ccdf01f393877497e315cde928f2d
- SHA1
  
  78ca46e3b2fa4338928ad06301f1768db8ff6d76
- SHA256
  
  34ff470f4cba09e0b70aeeaf97a385f06cac0fa060b95d792ddd85e365a7bc7f
- SHA512
  
  884a73f2afb38eea70bf2f51a98de1379b4a31a8ad87445993a6b28d0c5ea35621fe6f3ccceb545c6ae2ed97b8dc65f2f9cbddcd6931e855a4c02614e1bc98c5
- SSDEEP
  
  6144:0XESEPZbTSWraS0IMoNmL7x4SVISabPTeboxqoTkEbj5MItIl7I:NrrFNmLKSVIJbPT+4BiIuhI
Score

10^/10

qakbot obama01 1612782139 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotobama011612782139bankerstealertrojan

behavioral2

qakbotobama011612782139bankerstealertrojan