qakbot | dbe3468fbf17c02a99b49ee5fca4837811e4bf8e2877374423c2d4512f060569 | Triage

Sharing

General

Target

fc77868aae55037dccd9e6734c0bda1f
Size

820KB
Sample

231220-wdqx4abbhj
MD5

fc77868aae55037dccd9e6734c0bda1f
SHA1

625c1d5de4fb7e5fae3440892e122685b004f88e
SHA256

dbe3468fbf17c02a99b49ee5fca4837811e4bf8e2877374423c2d4512f060569
SHA512

c494179fb0bd6cfc56e19795830c4ea1afdc1eda4c70ae0420c9e967a4d4c7425023efdb41d7e5bd8ac27b3ff0cb10e7212929d7d27794f2d0575316a9bea327
SSDEEP

24576:nO6c3oCrVA7bEK7mJaW2eX8TvE81gIzsk6EzCUfk7Ou:duVeEK7mmeX8TBgIzsk6hUf4h

Score

10^/10

qakbot obama112 1633682302 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

obama112

Campaign

1633682302

C2

98.157.235.126:443

124.123.42.115:2222

185.250.148.74:443

73.77.87.137:443

188.50.169.158:443

216.201.162.158:443

174.54.193.186:443

27.223.92.142:995

220.255.25.28:2222

103.142.10.177:443

2.222.167.138:443

66.177.215.152:0

122.11.220.212:2222

85.109.229.54:995

140.82.49.12:443

199.27.127.129:443

209.50.20.255:443

73.230.205.91:443

200.232.214.222:995

81.241.252.59:2078

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  fc77868aae55037dccd9e6734c0bda1f
- Size
  
  820KB
- MD5
  
  fc77868aae55037dccd9e6734c0bda1f
- SHA1
  
  625c1d5de4fb7e5fae3440892e122685b004f88e
- SHA256
  
  dbe3468fbf17c02a99b49ee5fca4837811e4bf8e2877374423c2d4512f060569
- SHA512
  
  c494179fb0bd6cfc56e19795830c4ea1afdc1eda4c70ae0420c9e967a4d4c7425023efdb41d7e5bd8ac27b3ff0cb10e7212929d7d27794f2d0575316a9bea327
- SSDEEP
  
  24576:nO6c3oCrVA7bEK7mJaW2eX8TvE81gIzsk6EzCUfk7Ou:duVeEK7mmeX8TBgIzsk6hUf4h
Score

10^/10

qakbot obama112 1633682302 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

qakbotobama1121633682302bankerevasionstealertrojan

behavioral2

qakbotobama1121633682302bankerevasionstealertrojan