qakbot | e64e7761e85c14928ae398e2b27ec8db0ebcf8f8a6b5a48dcf46f42393121097 | Triage

Sharing

General

Target

8de512bd768a612f1f91f55718e0d53d
Size

750KB
Sample

231219-yvy15sadbn
MD5

8de512bd768a612f1f91f55718e0d53d
SHA1

d2f0b77d4d5ffa23a1e3cd26d43d01c3bfa9dd09
SHA256

e64e7761e85c14928ae398e2b27ec8db0ebcf8f8a6b5a48dcf46f42393121097
SHA512

dba9f21ae79ddca811bfeecb5ca3181de8f4b381f9ae13e88fa39c883a1557c221d79825d7f9003b8c26c1ed86951a9907b2bbb4d67e4293dce47c35a80a96ed
SSDEEP

12288:8V75XRqXnVyGXpI7fFHpsqJtjA42je3kyS6wEB35cyCH:fXnVyy6WIkBy3kySqBpFA

Score

10^/10

qakbot obama105 1632821932 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama105

Campaign

1632821932

C2

120.151.47.189:443

41.228.22.180:443

39.52.241.3:995

199.27.127.129:443

216.201.162.158:443

136.232.34.70:443

196.217.156.63:995

120.150.218.241:995

95.77.223.148:443

185.250.148.74:443

181.118.183.94:443

105.198.236.99:443

140.82.49.12:443

37.210.152.224:995

89.101.97.139:443

81.241.252.59:2078

27.223.92.142:995

81.250.153.227:2222

73.151.236.31:443

47.22.148.6:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  8de512bd768a612f1f91f55718e0d53d
- Size
  
  750KB
- MD5
  
  8de512bd768a612f1f91f55718e0d53d
- SHA1
  
  d2f0b77d4d5ffa23a1e3cd26d43d01c3bfa9dd09
- SHA256
  
  e64e7761e85c14928ae398e2b27ec8db0ebcf8f8a6b5a48dcf46f42393121097
- SHA512
  
  dba9f21ae79ddca811bfeecb5ca3181de8f4b381f9ae13e88fa39c883a1557c221d79825d7f9003b8c26c1ed86951a9907b2bbb4d67e4293dce47c35a80a96ed
- SSDEEP
  
  12288:8V75XRqXnVyGXpI7fFHpsqJtjA42je3kyS6wEB35cyCH:fXnVyy6WIkBy3kySqBpFA
Score

10^/10

qakbot obama105 1632821932 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotobama1051632821932bankerevasionstealertrojan

behavioral2

qakbotobama1051632821932bankerevasionstealertrojan