qakbot | 696156d9a4117cba652b18b012db376fddfbd7db8b26a638c760d61b98d3590d

General

Target

5q4psw.msi
Size

496KB
Sample

230530-zj95psca5x
MD5

e35727b10193fe55df216a1f9d166997
SHA1

9ddafa77fc9fdea0085e41aa0f3a1ee0d15d9c8a
SHA256

696156d9a4117cba652b18b012db376fddfbd7db8b26a638c760d61b98d3590d
SHA512

2bba74b0b7f5ee8509310030bb45def13b87394e55edf8d0e51595d6cc669f4b2c7497d95331c09c9f7b453f3c9acdeb03e41cd5e5dc14f9ecb9dd9f79d7ad8d
SSDEEP

12288:wn+NgINNEcfjVRMigNFoILI8KviLjvhAol71Q:wnX9gjVRMDqH8fL154

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.1320

Botnet

obama265

Campaign

1685436052

C2

103.42.86.42:995

174.4.89.3:443

161.142.103.187:995

78.160.146.127:443

84.35.26.14:995

12.172.173.82:20

70.28.50.223:2078

124.149.143.189:2222

70.160.67.203:443

186.64.67.30:443

103.123.223.133:443

94.207.104.225:443

89.114.140.100:443

213.64.33.61:2222

86.176.144.234:2222

72.134.124.16:443

47.34.30.133:443

109.50.149.241:2222

85.104.105.67:443

81.111.108.123:443

Targets

- Target
  
  5q4psw.msi
- Size
  
  496KB
- MD5
  
  e35727b10193fe55df216a1f9d166997
- SHA1
  
  9ddafa77fc9fdea0085e41aa0f3a1ee0d15d9c8a
- SHA256
  
  696156d9a4117cba652b18b012db376fddfbd7db8b26a638c760d61b98d3590d
- SHA512
  
  2bba74b0b7f5ee8509310030bb45def13b87394e55edf8d0e51595d6cc669f4b2c7497d95331c09c9f7b453f3c9acdeb03e41cd5e5dc14f9ecb9dd9f79d7ad8d
- SSDEEP
  
  12288:wn+NgINNEcfjVRMigNFoILI8KviLjvhAol71Q:wnX9gjVRMDqH8fL154
Score

10^/10

qakbot obama265 1685436052 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

Enumerates connected drives

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2