qakbot | 72880087d0c42ffaa8b4975dcded0e39e6df62268c613d8dd809e62eb67c286f | Triage

Sharing

General

Target

a30848a427306d69735b1e93ef0e0c89
Size

820KB
Sample

231219-z7dreaebaq
MD5

a30848a427306d69735b1e93ef0e0c89
SHA1

77b068b7f6208e24183f818544de49cf1d04a94b
SHA256

72880087d0c42ffaa8b4975dcded0e39e6df62268c613d8dd809e62eb67c286f
SHA512

e29e94a009b17f7b08a663d8b6071bbdf84859c2039a37a5ddfcf4091b6f33392084c402daefc41048bfb390bed2df6f5d710a83534a9c16e20e18dc0589f5a4
SSDEEP

24576:cO6c3oCrVA7bEK7mJaW2eX8TvE81gIzsk6EzCUfk7Cu:iuVeEK7mmeX8TBgIzsk6hUf41

Score

10^/10

qakbot obama112 1633682302 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama112

Campaign

1633682302

C2

98.157.235.126:443

124.123.42.115:2222

185.250.148.74:443

73.77.87.137:443

188.50.169.158:443

216.201.162.158:443

174.54.193.186:443

27.223.92.142:995

220.255.25.28:2222

103.142.10.177:443

2.222.167.138:443

66.177.215.152:0

122.11.220.212:2222

85.109.229.54:995

140.82.49.12:443

199.27.127.129:443

209.50.20.255:443

73.230.205.91:443

200.232.214.222:995

81.241.252.59:2078

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  a30848a427306d69735b1e93ef0e0c89
- Size
  
  820KB
- MD5
  
  a30848a427306d69735b1e93ef0e0c89
- SHA1
  
  77b068b7f6208e24183f818544de49cf1d04a94b
- SHA256
  
  72880087d0c42ffaa8b4975dcded0e39e6df62268c613d8dd809e62eb67c286f
- SHA512
  
  e29e94a009b17f7b08a663d8b6071bbdf84859c2039a37a5ddfcf4091b6f33392084c402daefc41048bfb390bed2df6f5d710a83534a9c16e20e18dc0589f5a4
- SSDEEP
  
  24576:cO6c3oCrVA7bEK7mJaW2eX8TvE81gIzsk6EzCUfk7Cu:iuVeEK7mmeX8TBgIzsk6hUf41
Score

10^/10

qakbot obama112 1633682302 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotobama1121633682302bankerevasionstealertrojan

behavioral2

qakbotobama1121633682302bankerevasionstealertrojan