qakbot | 9dc360d1063cf1975d75d74a909f86f1aeedaad81bc81a9a61e37b5b7775469f | Triage

Sharing

General

Target

9dc360d1063cf1975d75d74a909f86f1aeedaad81bc81a9a61e37b5b7775469f
Size

2.8MB
Sample

240922-3y6mlszfna
MD5

9c36ce32befa3cb33d7745873c4db5b3
SHA1

51da096433142ebd6e04122a04760d3ff33b27ed
SHA256

9dc360d1063cf1975d75d74a909f86f1aeedaad81bc81a9a61e37b5b7775469f
SHA512

6d680fc3c94138514bec604e806c5a7404f310c123ba09e2f6caae686f6fdc26886acac5121c6f1892e276081230e69e66c5e5ca7b02e0f0c991713e2c028b65
SSDEEP

49152:1VUZMcNCu/aXwvg7CfUCOyzw4LxNPpOcQdRckhdIfTRfWG/Pm:1VgMsD+woufx1fWG/Pm

Score

10^/10

qakbot obama145 1639478529 banker discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Extracted

Family

qakbot

Version

403.10

Botnet

obama145

Campaign

1639478529

C2

120.150.218.241:995

93.48.80.198:995

102.65.38.67:443

218.101.110.3:995

216.238.72.121:443

216.238.72.121:995

207.246.112.221:995

207.246.112.221:443

216.238.71.31:995

216.238.71.31:443

65.100.174.110:443

186.64.87.213:443

136.143.11.232:443

41.228.22.180:443

140.82.49.12:443

39.49.104.126:995

105.198.236.99:995

78.180.163.25:995

2.222.167.138:443

45.9.20.200:2211

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  9dc360d1063cf1975d75d74a909f86f1aeedaad81bc81a9a61e37b5b7775469f
- Size
  
  2.8MB
- MD5
  
  9c36ce32befa3cb33d7745873c4db5b3
- SHA1
  
  51da096433142ebd6e04122a04760d3ff33b27ed
- SHA256
  
  9dc360d1063cf1975d75d74a909f86f1aeedaad81bc81a9a61e37b5b7775469f
- SHA512
  
  6d680fc3c94138514bec604e806c5a7404f310c123ba09e2f6caae686f6fdc26886acac5121c6f1892e276081230e69e66c5e5ca7b02e0f0c991713e2c028b65
- SSDEEP
  
  49152:1VUZMcNCu/aXwvg7CfUCOyzw4LxNPpOcQdRckhdIfTRfWG/Pm:1VgMsD+woufx1fWG/Pm
Score

10^/10

qakbot obama145 1639478529 banker discovery stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotobama1451639478529bankerdiscoverystealertrojan

behavioral2

qakbotobama1451639478529bankerdiscoverystealertrojan