qakbot | 238fa968ea18bf8ee6737880083f39c3b239c91084bbf6dafa23eb050f31b3f9 | Triage

Sharing

General

Target

0fe8ae3cab77dc2e1e0f6bc47f9c94bc
Size

1.0MB
Sample

231219-m62qmabbh2
MD5

0fe8ae3cab77dc2e1e0f6bc47f9c94bc
SHA1

b9860b8b36735fc0b37472ef4de0b1510fbb61b0
SHA256

238fa968ea18bf8ee6737880083f39c3b239c91084bbf6dafa23eb050f31b3f9
SHA512

8818f1a60d192384059e084206f95cabb06b186422c1dd1904b9b47ef7e5ae07729eceb70908fb9c4a4102a3597faad19d47451e3962a259b2727eae45a3e28a
SSDEEP

24576:vPmUt5u2f8THLYM2UGGcOzDDqkB02DRbNRYilN3xa0vvw6xPrvuygaPkbDf59cMZ:HmKutTHLYMXrDuwprRYilN3xa0vvw6lT

Score

10^/10

qakbot obama110 1633507384 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama110

Campaign

1633507384

C2

96.57.188.174:2078

94.200.181.154:443

217.17.56.163:2222

122.11.220.212:2222

2.222.167.138:443

209.50.20.255:443

167.248.117.81:443

187.116.124.82:995

73.52.50.32:443

120.151.47.189:443

181.118.183.94:443

89.101.97.139:443

188.210.210.122:0

81.241.252.59:2078

202.134.178.157:443

75.75.179.226:443

120.150.218.241:995

185.250.148.74:443

81.250.153.227:2222

66.103.170.104:2222

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  0fe8ae3cab77dc2e1e0f6bc47f9c94bc
- Size
  
  1.0MB
- MD5
  
  0fe8ae3cab77dc2e1e0f6bc47f9c94bc
- SHA1
  
  b9860b8b36735fc0b37472ef4de0b1510fbb61b0
- SHA256
  
  238fa968ea18bf8ee6737880083f39c3b239c91084bbf6dafa23eb050f31b3f9
- SHA512
  
  8818f1a60d192384059e084206f95cabb06b186422c1dd1904b9b47ef7e5ae07729eceb70908fb9c4a4102a3597faad19d47451e3962a259b2727eae45a3e28a
- SSDEEP
  
  24576:vPmUt5u2f8THLYM2UGGcOzDDqkB02DRbNRYilN3xa0vvw6xPrvuygaPkbDf59cMZ:HmKutTHLYMXrDuwprRYilN3xa0vvw6lT
Score

10^/10

qakbot obama110 1633507384 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotobama1101633507384bankerevasionstealertrojan

behavioral2

qakbotobama1101633507384bankerevasionstealertrojan