qakbot | 6701e89b161bec144d1a4cd72b9190f9bc29ffb0a8c48edb25b46fa74c115ecd | Triage

Sharing

General

Target

64cf2215e86fdaad2a4f7cd9ed4d5f7a
Size

820KB
Sample

231219-vldr3acge7
MD5

64cf2215e86fdaad2a4f7cd9ed4d5f7a
SHA1

dc110ae81ab175cee2cf663e5596783f299a4a85
SHA256

6701e89b161bec144d1a4cd72b9190f9bc29ffb0a8c48edb25b46fa74c115ecd
SHA512

25a533cd520f7567f87c69b7f1a85da4ef05a5109592673d8646885bcee8a9c2fae6d9a6073830efd3aaddb0c19262f375a7a6ca8f6ed8f4455c35f66706aecb
SSDEEP

24576:hO6c3oCrVA7bEK7mJaW2eX8TvE81oIzsk6EzCUfk7Ou:vuVeEK7mmeX8TBoIzsk6hUf4h

Score

10^/10

qakbot obama112 1633682302 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama112

Campaign

1633682302

C2

98.157.235.126:443

124.123.42.115:2222

185.250.148.74:443

73.77.87.137:443

188.50.169.158:443

216.201.162.158:443

174.54.193.186:443

27.223.92.142:995

220.255.25.28:2222

103.142.10.177:443

2.222.167.138:443

66.177.215.152:0

122.11.220.212:2222

85.109.229.54:995

140.82.49.12:443

199.27.127.129:443

209.50.20.255:443

73.230.205.91:443

200.232.214.222:995

81.241.252.59:2078

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  64cf2215e86fdaad2a4f7cd9ed4d5f7a
- Size
  
  820KB
- MD5
  
  64cf2215e86fdaad2a4f7cd9ed4d5f7a
- SHA1
  
  dc110ae81ab175cee2cf663e5596783f299a4a85
- SHA256
  
  6701e89b161bec144d1a4cd72b9190f9bc29ffb0a8c48edb25b46fa74c115ecd
- SHA512
  
  25a533cd520f7567f87c69b7f1a85da4ef05a5109592673d8646885bcee8a9c2fae6d9a6073830efd3aaddb0c19262f375a7a6ca8f6ed8f4455c35f66706aecb
- SSDEEP
  
  24576:hO6c3oCrVA7bEK7mJaW2eX8TvE81oIzsk6EzCUfk7Ou:vuVeEK7mmeX8TBoIzsk6hUf4h
Score

10^/10

qakbot obama112 1633682302 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotobama1121633682302bankerevasionstealertrojan

behavioral2

qakbotobama1121633682302bankerevasionstealertrojan