qakbot | c888b058cd85352ec803eb2a6e78bef567b844e9982176efbcd7074982a760de | Triage

Resubmissions

19-05-2020 13:04

200519-7d9ja2krwe 10

19-05-2020 12:28

200519-4h8rvftfme 8

Sharing

General

Target

Darlehensvertrag_42816504192_15052020.vbs
Size

36.2MB
Sample

200519-7d9ja2krwe
MD5

e44fb6c9a050ae7ef4b55cce6a71cdcd
SHA1

dd77b217e503fddaf28bb60b6e3280a692807976
SHA256

c888b058cd85352ec803eb2a6e78bef567b844e9982176efbcd7074982a760de
SHA512

9524cdd296cb89eb1cc8a160a62337a908990aa1e6d84b0e51c1827bec705331f458c0713d64cfe221a55ad32331db74a8e9ff4a356d6b2fb515b464e3804ab5

Score

10^/10

qakbot spx121 1589802571 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

spx121

Campaign

1589802571

C2

72.209.191.27:443

72.204.242.138:443

47.202.98.230:443

72.204.242.138:465

96.35.170.82:2222

96.56.237.174:465

65.60.228.130:443

76.187.8.160:443

79.101.206.85:995

64.19.74.29:995

84.117.60.157:443

94.176.128.176:443

72.204.242.138:32102

187.155.61.44:443

72.204.242.138:443

73.163.242.114:443

86.127.7.148:21

76.187.97.98:2222

82.178.63.31:443

174.52.64.212:443

Targets

- Target
  
  Darlehensvertrag_42816504192_15052020.vbs
- Size
  
  36.2MB
- MD5
  
  e44fb6c9a050ae7ef4b55cce6a71cdcd
- SHA1
  
  dd77b217e503fddaf28bb60b6e3280a692807976
- SHA256
  
  c888b058cd85352ec803eb2a6e78bef567b844e9982176efbcd7074982a760de
- SHA512
  
  9524cdd296cb89eb1cc8a160a62337a908990aa1e6d84b0e51c1827bec705331f458c0713d64cfe221a55ad32331db74a8e9ff4a356d6b2fb515b464e3804ab5
Score

10^/10

evasion trojan banker stealer qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Blacklisted process makes network request
- Executes dropped EXE
- Turns off Windows Defender SpyNet reporting
- Loads dropped DLL
- Windows security modification
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasiontrojanbankerstealerqakbot