qakbot | 46d4523fe454d47c021027353ff7e0a06ac81b49bf695e7357f8236855fba4e9 | Triage

Sharing

General

Target

46d4523fe454d47c021027353ff7e0a06ac81b49bf695e7357f8236855fba4e9
Size

701KB
Sample

221125-k8ktsaba8y
MD5

6eca56012ea0587286be85d268c9e726
SHA1

d7c0e85652b47e9dc4dc879865bfaf060bcc38e0
SHA256

46d4523fe454d47c021027353ff7e0a06ac81b49bf695e7357f8236855fba4e9
SHA512

153b961a31fdc4d582446836dae87a8837b5ac6faeb712dc098a041e4891574a09ef7c44989b7ba1a591e4015e810a322d70db6323b033d1f07954b2e3aa7c28
SSDEEP

6144:wXESEPZbTSWraS0IMoNmL7x4SVISabPTeboxqoTkEbj5MItIl7P:hrrFNmLKSVIJbPT+4BiIuhP

Score

10^/10

qakbot obama01 1612782139 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

401.138

Botnet

obama01

Campaign

1612782139

C2

160.3.187.114:443

41.205.16.1:443

96.61.23.88:995

86.98.93.124:2078

2.232.253.79:995

81.88.254.62:443

197.45.110.165:995

27.223.92.142:995

80.11.173.82:8443

190.85.91.154:443

142.68.28.22:443

88.252.96.34:443

89.211.252.190:995

89.3.198.238:443

140.82.49.12:443

108.46.145.30:443

188.25.63.105:443

209.210.187.52:443

86.160.137.132:443

202.184.20.119:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  46d4523fe454d47c021027353ff7e0a06ac81b49bf695e7357f8236855fba4e9
- Size
  
  701KB
- MD5
  
  6eca56012ea0587286be85d268c9e726
- SHA1
  
  d7c0e85652b47e9dc4dc879865bfaf060bcc38e0
- SHA256
  
  46d4523fe454d47c021027353ff7e0a06ac81b49bf695e7357f8236855fba4e9
- SHA512
  
  153b961a31fdc4d582446836dae87a8837b5ac6faeb712dc098a041e4891574a09ef7c44989b7ba1a591e4015e810a322d70db6323b033d1f07954b2e3aa7c28
- SSDEEP
  
  6144:wXESEPZbTSWraS0IMoNmL7x4SVISabPTeboxqoTkEbj5MItIl7P:hrrFNmLKSVIJbPT+4BiIuhP
Score

10^/10

qakbot obama01 1612782139 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotobama011612782139bankerstealertrojan

behavioral2

qakbotobama011612782139bankerstealertrojan