qakbot | 608a569b3caa54231e76b65fe3e1945a4c8af8a16eb1707a1ddb687fb3228495 | Triage

Sharing

General

Target

f4b4f95f4c8d9f32dcd54565a0626f6e
Size

820KB
Sample

231220-vtw9dafha2
MD5

f4b4f95f4c8d9f32dcd54565a0626f6e
SHA1

c423b4ae7c02841400f29d16609131d333618a06
SHA256

608a569b3caa54231e76b65fe3e1945a4c8af8a16eb1707a1ddb687fb3228495
SHA512

66c164ed0fd57a8d59d42db3d5369f98432e327ee182af7f7f1fe20c486b27ce94ef1c79977ca9978a3a568d1d7cc54a3a1ef770f7d55815c207b73393cd5e1d
SSDEEP

24576:IO6c3oCrVA7bEK7mJaW2eX8TvE81oIzsk6EzCUfk7uu:GuVeEK7mmeX8TBoIzsk6hUf4B

Score

10^/10

qakbot obama112 1633682302 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama112

Campaign

1633682302

C2

98.157.235.126:443

124.123.42.115:2222

185.250.148.74:443

73.77.87.137:443

188.50.169.158:443

216.201.162.158:443

174.54.193.186:443

27.223.92.142:995

220.255.25.28:2222

103.142.10.177:443

2.222.167.138:443

66.177.215.152:0

122.11.220.212:2222

85.109.229.54:995

140.82.49.12:443

199.27.127.129:443

209.50.20.255:443

73.230.205.91:443

200.232.214.222:995

81.241.252.59:2078

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  f4b4f95f4c8d9f32dcd54565a0626f6e
- Size
  
  820KB
- MD5
  
  f4b4f95f4c8d9f32dcd54565a0626f6e
- SHA1
  
  c423b4ae7c02841400f29d16609131d333618a06
- SHA256
  
  608a569b3caa54231e76b65fe3e1945a4c8af8a16eb1707a1ddb687fb3228495
- SHA512
  
  66c164ed0fd57a8d59d42db3d5369f98432e327ee182af7f7f1fe20c486b27ce94ef1c79977ca9978a3a568d1d7cc54a3a1ef770f7d55815c207b73393cd5e1d
- SSDEEP
  
  24576:IO6c3oCrVA7bEK7mJaW2eX8TvE81oIzsk6EzCUfk7uu:GuVeEK7mmeX8TBoIzsk6hUf4B
Score

10^/10

qakbot obama112 1633682302 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotobama1121633682302bankerevasionstealertrojan

behavioral2

qakbotobama1121633682302bankerstealertrojan