qakbot | e64e7761e85c14928ae398e2b27ec8db0ebcf8f8a6b5a48dcf46f42393121097 | Triage

Sharing

General

Target

8de512bd768a612f1f91f55718e0d53d
Size

750KB
Sample

231219-yvy15sadbn
MD5

8de512bd768a612f1f91f55718e0d53d
SHA1

d2f0b77d4d5ffa23a1e3cd26d43d01c3bfa9dd09
SHA256

e64e7761e85c14928ae398e2b27ec8db0ebcf8f8a6b5a48dcf46f42393121097
SHA512

dba9f21ae79ddca811bfeecb5ca3181de8f4b381f9ae13e88fa39c883a1557c221d79825d7f9003b8c26c1ed86951a9907b2bbb4d67e4293dce47c35a80a96ed
SSDEEP

12288:8V75XRqXnVyGXpI7fFHpsqJtjA42je3kyS6wEB35cyCH:fXnVyy6WIkBy3kySqBpFA

Score

10^/10

qakbot obama105 1632821932 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama105

Campaign

1632821932

C2

120.151.47.189:443

41.228.22.180:443

39.52.241.3:995

199.27.127.129:443

216.201.162.158:443

136.232.34.70:443

196.217.156.63:995

120.150.218.241:995

95.77.223.148:443

185.250.148.74:443

181.118.183.94:443

105.198.236.99:443

140.82.49.12:443

37.210.152.224:995

89.101.97.139:443

81.241.252.59:2078

27.223.92.142:995

81.250.153.227:2222

73.151.236.31:443

47.22.148.6:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  8de512bd768a612f1f91f55718e0d53d
- Size
  
  750KB
- MD5
  
  8de512bd768a612f1f91f55718e0d53d
- SHA1
  
  d2f0b77d4d5ffa23a1e3cd26d43d01c3bfa9dd09
- SHA256
  
  e64e7761e85c14928ae398e2b27ec8db0ebcf8f8a6b5a48dcf46f42393121097
- SHA512
  
  dba9f21ae79ddca811bfeecb5ca3181de8f4b381f9ae13e88fa39c883a1557c221d79825d7f9003b8c26c1ed86951a9907b2bbb4d67e4293dce47c35a80a96ed
- SSDEEP
  
  12288:8V75XRqXnVyGXpI7fFHpsqJtjA42je3kyS6wEB35cyCH:fXnVyy6WIkBy3kySqBpFA
Score

10^/10

qakbot obama105 1632821932 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

qakbotobama1051632821932bankerevasionstealertrojan

behavioral2

qakbotobama1051632821932bankerevasionstealertrojan