qakbot | hxxp://lindentowncenter[.]com/xnvejyacq/2767/Darlehensvertrag_2767_18052020[.]zip | Triage

Resubmissions

19-05-2020 20:18

200519-j522lppzqx 10

19-05-2020 20:14

200519-ahdbsfbx26 1

Sharing

General

Target

http://lindentowncenter.com/xnvejyacq/2767/Darlehensvertrag_2767_18052020.zip
Sample

200519-j522lppzqx

Score

10^/10

qakbot spx122 1589882380 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

spx122

Campaign

1589882380

C2

72.183.129.56:443

72.190.101.70:443

74.75.216.202:443

47.40.244.237:443

209.182.121.133:2222

85.121.42.12:995

203.213.104.25:995

98.118.156.172:443

74.215.201.122:443

67.250.184.157:443

79.78.131.124:443

108.54.205.207:443

72.224.213.98:2222

24.27.82.216:2222

188.26.156.131:443

41.228.239.54:443

5.36.67.194:443

101.108.119.168:443

5.13.141.223:443

105.101.126.6:443

Targets

- Target
  
  http://lindentowncenter.com/xnvejyacq/2767/Darlehensvertrag_2767_18052020.zip
Score

10^/10

trojan banker stealer qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Blacklisted process makes network request
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

trojanbankerstealerqakbot