qakbot | 608a569b3caa54231e76b65fe3e1945a4c8af8a16eb1707a1ddb687fb3228495 | Triage

Sharing

General

Target

f4b4f95f4c8d9f32dcd54565a0626f6e
Size

820KB
Sample

231220-vtw9dafha2
MD5

f4b4f95f4c8d9f32dcd54565a0626f6e
SHA1

c423b4ae7c02841400f29d16609131d333618a06
SHA256

608a569b3caa54231e76b65fe3e1945a4c8af8a16eb1707a1ddb687fb3228495
SHA512

66c164ed0fd57a8d59d42db3d5369f98432e327ee182af7f7f1fe20c486b27ce94ef1c79977ca9978a3a568d1d7cc54a3a1ef770f7d55815c207b73393cd5e1d
SSDEEP

24576:IO6c3oCrVA7bEK7mJaW2eX8TvE81oIzsk6EzCUfk7uu:GuVeEK7mmeX8TBoIzsk6hUf4B

Score

10^/10

qakbot obama112 1633682302 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama112

Campaign

1633682302

C2

98.157.235.126:443

124.123.42.115:2222

185.250.148.74:443

73.77.87.137:443

188.50.169.158:443

216.201.162.158:443

174.54.193.186:443

27.223.92.142:995

220.255.25.28:2222

103.142.10.177:443

2.222.167.138:443

66.177.215.152:0

122.11.220.212:2222

85.109.229.54:995

140.82.49.12:443

199.27.127.129:443

209.50.20.255:443

73.230.205.91:443

200.232.214.222:995

81.241.252.59:2078

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  f4b4f95f4c8d9f32dcd54565a0626f6e
- Size
  
  820KB
- MD5
  
  f4b4f95f4c8d9f32dcd54565a0626f6e
- SHA1
  
  c423b4ae7c02841400f29d16609131d333618a06
- SHA256
  
  608a569b3caa54231e76b65fe3e1945a4c8af8a16eb1707a1ddb687fb3228495
- SHA512
  
  66c164ed0fd57a8d59d42db3d5369f98432e327ee182af7f7f1fe20c486b27ce94ef1c79977ca9978a3a568d1d7cc54a3a1ef770f7d55815c207b73393cd5e1d
- SSDEEP
  
  24576:IO6c3oCrVA7bEK7mJaW2eX8TvE81oIzsk6EzCUfk7uu:GuVeEK7mmeX8TBoIzsk6hUf4B
Score

10^/10

qakbot obama112 1633682302 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

qakbotobama1121633682302bankerevasionstealertrojan

behavioral2

qakbotobama1121633682302bankerstealertrojan