qakbot | d432923facfd4345e0a484faa3ce4d2f303cb979a2da221b1a8f5217fb774b48 | Triage

Sharing

General

Target

d432923facfd4345e0a484faa3ce4d2f303cb979a2da221b1a8f5217fb774b48
Size

1.1MB
Sample

240825-glv5fsyapg
MD5

7e2cfd1c2513740295d6b7fabaf95ea4
SHA1

ae8ebe15b685ac84d8f47cc5b4bf0d4f1a6c9572
SHA256

d432923facfd4345e0a484faa3ce4d2f303cb979a2da221b1a8f5217fb774b48
SHA512

784ca0c0998a5eb55fc3d635242ee19f0670025b2218ad37816d2c8b18e777c4a4586ae503bc97d96d1822afdd53dc91f9b6f267197f757f9b30a73cc370aa2e
SSDEEP

12288:nmNDiDQ21Elifgbhc5ZbqWDyALUvNi8KaEIgAteiDqd+Ci6T1l84A79hbi:Mek2CBhcbL8vEnynZC1Tz8r79hbi

Score

10^/10

qakbot obama53 1622633996 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.68

Botnet

obama53

Campaign

1622633996

C2

96.61.23.88:995

86.220.62.251:2222

71.74.12.34:443

75.67.192.125:443

24.152.219.253:995

105.198.236.101:443

24.179.77.236:443

47.22.148.6:443

92.59.35.196:2222

81.97.154.100:443

207.246.116.237:443

207.246.77.75:995

45.32.211.207:2222

45.77.115.208:443

149.28.98.196:443

45.77.115.208:2222

144.202.38.185:995

45.77.115.208:8443

207.246.77.75:8443

207.246.77.75:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  d432923facfd4345e0a484faa3ce4d2f303cb979a2da221b1a8f5217fb774b48
- Size
  
  1.1MB
- MD5
  
  7e2cfd1c2513740295d6b7fabaf95ea4
- SHA1
  
  ae8ebe15b685ac84d8f47cc5b4bf0d4f1a6c9572
- SHA256
  
  d432923facfd4345e0a484faa3ce4d2f303cb979a2da221b1a8f5217fb774b48
- SHA512
  
  784ca0c0998a5eb55fc3d635242ee19f0670025b2218ad37816d2c8b18e777c4a4586ae503bc97d96d1822afdd53dc91f9b6f267197f757f9b30a73cc370aa2e
- SSDEEP
  
  12288:nmNDiDQ21Elifgbhc5ZbqWDyALUvNi8KaEIgAteiDqd+Ci6T1l84A79hbi:Mek2CBhcbL8vEnynZC1Tz8r79hbi
Score

10^/10

qakbot obama53 1622633996 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotobama531622633996bankerdiscoverystealertrojan

behavioral2

qakbotobama531622633996bankerdiscoverystealertrojan