qakbot | 00eb9e819548a07373a5f3aacc0f449171dc3e520cef7086fd7f47d9ad3fc5f3 | Triage

Sharing

General

Target

9635dc7f7bc526b80b4fed8ddeeede37
Size

820KB
Sample

231219-zcckvsfaaj
MD5

9635dc7f7bc526b80b4fed8ddeeede37
SHA1

062ed276f7d55a4cf137441a437f9507dd787310
SHA256

00eb9e819548a07373a5f3aacc0f449171dc3e520cef7086fd7f47d9ad3fc5f3
SHA512

4517989bf5181842ae028787affa19a3f1d021eb4c75aa61f23123eeaf4fbe51c79a7a94829f35824b91c543f5b138cb1f3ad043c9081c613592cd378237289c
SSDEEP

24576:OO6c3oCrVA7bEK7mJaW2eX8TvE81cIzsk6EzCUfk7Gu:UuVeEK7mmeX8TBcIzsk6hUf4J

Score

10^/10

qakbot obama112 1633682302 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama112

Campaign

1633682302

C2

98.157.235.126:443

124.123.42.115:2222

185.250.148.74:443

73.77.87.137:443

188.50.169.158:443

216.201.162.158:443

174.54.193.186:443

27.223.92.142:995

220.255.25.28:2222

103.142.10.177:443

2.222.167.138:443

66.177.215.152:0

122.11.220.212:2222

85.109.229.54:995

140.82.49.12:443

199.27.127.129:443

209.50.20.255:443

73.230.205.91:443

200.232.214.222:995

81.241.252.59:2078

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  9635dc7f7bc526b80b4fed8ddeeede37
- Size
  
  820KB
- MD5
  
  9635dc7f7bc526b80b4fed8ddeeede37
- SHA1
  
  062ed276f7d55a4cf137441a437f9507dd787310
- SHA256
  
  00eb9e819548a07373a5f3aacc0f449171dc3e520cef7086fd7f47d9ad3fc5f3
- SHA512
  
  4517989bf5181842ae028787affa19a3f1d021eb4c75aa61f23123eeaf4fbe51c79a7a94829f35824b91c543f5b138cb1f3ad043c9081c613592cd378237289c
- SSDEEP
  
  24576:OO6c3oCrVA7bEK7mJaW2eX8TvE81cIzsk6EzCUfk7Gu:UuVeEK7mmeX8TBcIzsk6hUf4J
Score

10^/10

qakbot obama112 1633682302 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotobama1121633682302bankerevasionstealertrojan

behavioral2

qakbotobama1121633682302bankerevasionstealertrojan