qakbot | 73e4969db4253f9aeb2cbc7462376fb7e26cc4bb5bd23b82e2af0eaaf5ae66a8 | Triage

Sharing

General

Target

73e4969db4253f9aeb2cbc7462376fb7e26cc4bb5bd23b82e2af0eaaf5ae66a8
Size

2.3MB
Sample

250213-hwaf6svkdm
MD5

74cf47683051f44e6fb55ac9360c717e
SHA1

93b1ab0a9e70a546c4b89dcb20a158dfc90b1421
SHA256

73e4969db4253f9aeb2cbc7462376fb7e26cc4bb5bd23b82e2af0eaaf5ae66a8
SHA512

8425057a65e7f7e39956b8b245bdcaf2d2e827664ee34693cd055ac92f37d1b4f285bac3acc3be9df67d99b1ab8edd4602d7b7bc80ba9eecc2979b8ab37cbb72
SSDEEP

49152:aRJVY7Gs7IvXK6eBTC28d97NSkkBL3HgogWmv:aRJAIHXSkkBbHgoHmv

Score

10^/10

qakbot obama150 1640256791 banker defense_evasion discovery stealer trojan

Malware Config

Extracted

Family

qakbot

Version

403.10

Botnet

obama150

Campaign

1640256791

C2

96.21.251.127:2222

70.51.134.181:2222

69.14.172.24:443

186.64.87.213:443

94.62.161.77:995

103.139.242.30:990

114.79.148.170:443

217.164.247.241:2222

178.153.86.181:443

136.232.34.70:443

37.210.226.125:61202

173.21.10.71:2222

31.219.154.176:32101

140.82.49.12:443

32.221.229.7:443

24.152.219.253:995

106.51.48.170:50001

114.38.161.124:995

96.37.113.36:993

190.39.205.165:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Extracted

Family

qakbot

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  73e4969db4253f9aeb2cbc7462376fb7e26cc4bb5bd23b82e2af0eaaf5ae66a8
- Size
  
  2.3MB
- MD5
  
  74cf47683051f44e6fb55ac9360c717e
- SHA1
  
  93b1ab0a9e70a546c4b89dcb20a158dfc90b1421
- SHA256
  
  73e4969db4253f9aeb2cbc7462376fb7e26cc4bb5bd23b82e2af0eaaf5ae66a8
- SHA512
  
  8425057a65e7f7e39956b8b245bdcaf2d2e827664ee34693cd055ac92f37d1b4f285bac3acc3be9df67d99b1ab8edd4602d7b7bc80ba9eecc2979b8ab37cbb72
- SSDEEP
  
  49152:aRJVY7Gs7IvXK6eBTC28d97NSkkBL3HgogWmv:aRJAIHXSkkBbHgoHmv
Score

10^/10

qakbot obama150 1640256791 banker defense_evasion discovery stealer trojan
- Qakbot family
  qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  defense_evasion trojan
- Downloads MZ/PE file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotobama1501640256791bankerdefense_evasiondiscoverystealertrojan

behavioral2

qakbotobama1501640256791bankerdefense_evasiondiscoverystealertrojan