qakbot | d6688c773390903c9224e69dcdf9a54487b5c7fba31ad04fe18a7ecf2ccb3864 | Triage

Sharing

General

Target

d6688c773390903c9224e69dcdf9a54487b5c7fba31ad04fe18a7ecf2ccb3864
Size

701KB
Sample

221125-ktap9sab31
MD5

6a7b2fa9de5a35f64d24a249ee7ae963
SHA1

313c10bab22e56bebbfb7f43f545ee093e4d5fc0
SHA256

d6688c773390903c9224e69dcdf9a54487b5c7fba31ad04fe18a7ecf2ccb3864
SHA512

0e740acbd81b77c59de2736b345ae8d2c0e7e21bf69341288cfaa947f080a6c4f8b7794e83b3cb961c85825a9ff6efa40e70edbea2764ed8c1e6c31985dd6863
SSDEEP

6144:WXESEPZbTSWraS0IMoNmL7x4SVISabPTeboxqoTkEbj5MItIl7p:3rrFNmLKSVIJbPT+4BiIuhp

Score

10^/10

qakbot obama01 1612782139 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

401.138

Botnet

obama01

Campaign

1612782139

C2

160.3.187.114:443

41.205.16.1:443

96.61.23.88:995

86.98.93.124:2078

2.232.253.79:995

81.88.254.62:443

197.45.110.165:995

27.223.92.142:995

80.11.173.82:8443

190.85.91.154:443

142.68.28.22:443

88.252.96.34:443

89.211.252.190:995

89.3.198.238:443

140.82.49.12:443

108.46.145.30:443

188.25.63.105:443

209.210.187.52:443

86.160.137.132:443

202.184.20.119:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  d6688c773390903c9224e69dcdf9a54487b5c7fba31ad04fe18a7ecf2ccb3864
- Size
  
  701KB
- MD5
  
  6a7b2fa9de5a35f64d24a249ee7ae963
- SHA1
  
  313c10bab22e56bebbfb7f43f545ee093e4d5fc0
- SHA256
  
  d6688c773390903c9224e69dcdf9a54487b5c7fba31ad04fe18a7ecf2ccb3864
- SHA512
  
  0e740acbd81b77c59de2736b345ae8d2c0e7e21bf69341288cfaa947f080a6c4f8b7794e83b3cb961c85825a9ff6efa40e70edbea2764ed8c1e6c31985dd6863
- SSDEEP
  
  6144:WXESEPZbTSWraS0IMoNmL7x4SVISabPTeboxqoTkEbj5MItIl7p:3rrFNmLKSVIJbPT+4BiIuhp
Score

10^/10

qakbot obama01 1612782139 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotobama011612782139bankerstealertrojan

behavioral2

qakbotobama011612782139bankerstealertrojan