qakbot | 302bb53597efe329ad604747c12416f2b47dce9f2ab745e7f06175765ffe7bbe | Triage

Sharing

General

Target

302bb53597efe329ad604747c12416f2b47dce9f2ab745e7f06175765ffe7bbe
Size

701KB
Sample

221125-lbtk4abc7z
MD5

9528f6fd846e4d8d2e8eb2d3098cb20d
SHA1

6f40f7364def85ee85df690ed1e4749952634bb0
SHA256

302bb53597efe329ad604747c12416f2b47dce9f2ab745e7f06175765ffe7bbe
SHA512

66c92e632fbf16b63c4b1d10722dec199b880754a4ee3d27913f9698911953c28c8c54de13fcf75e5bde791052fc0cdd8deee5d54beb1e8749807fb22ae58cc5
SSDEEP

6144:rXESEPZbTSWraS0IMoNmL7x4SVISabPTeboxqoTkEbj5MItIl7/:8rrFNmLKSVIJbPT+4BiIuh/

Score

10^/10

qakbot obama01 1612782139 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

401.138

Botnet

obama01

Campaign

1612782139

C2

160.3.187.114:443

41.205.16.1:443

96.61.23.88:995

86.98.93.124:2078

2.232.253.79:995

81.88.254.62:443

197.45.110.165:995

27.223.92.142:995

80.11.173.82:8443

190.85.91.154:443

142.68.28.22:443

88.252.96.34:443

89.211.252.190:995

89.3.198.238:443

140.82.49.12:443

108.46.145.30:443

188.25.63.105:443

209.210.187.52:443

86.160.137.132:443

202.184.20.119:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  302bb53597efe329ad604747c12416f2b47dce9f2ab745e7f06175765ffe7bbe
- Size
  
  701KB
- MD5
  
  9528f6fd846e4d8d2e8eb2d3098cb20d
- SHA1
  
  6f40f7364def85ee85df690ed1e4749952634bb0
- SHA256
  
  302bb53597efe329ad604747c12416f2b47dce9f2ab745e7f06175765ffe7bbe
- SHA512
  
  66c92e632fbf16b63c4b1d10722dec199b880754a4ee3d27913f9698911953c28c8c54de13fcf75e5bde791052fc0cdd8deee5d54beb1e8749807fb22ae58cc5
- SSDEEP
  
  6144:rXESEPZbTSWraS0IMoNmL7x4SVISabPTeboxqoTkEbj5MItIl7/:8rrFNmLKSVIJbPT+4BiIuh/
Score

10^/10

qakbot obama01 1612782139 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotobama011612782139bankerstealertrojan

behavioral2

qakbotobama011612782139bankerstealertrojan