qakbot | 4bd9bde3970fb7ae3fefb0c70d36a4e1da7ef94b4fb0cb7b867835bbc7373d98 | Triage

Sharing

General

Target

5932c8742b819a8112fabdc0b9db1811
Size

217KB
Sample

200520-6dennfkhza
MD5

5932c8742b819a8112fabdc0b9db1811
SHA1

207adef0130ed8574f5de2a9a94a796c06e04951
SHA256

4bd9bde3970fb7ae3fefb0c70d36a4e1da7ef94b4fb0cb7b867835bbc7373d98
SHA512

53cafd5425a8b4430a336308e2e0feac7b11c12754ee97f493a5cc0de69d491efb4b28fe967063272d2ebb32c3155f50443f2bb0496b9a44c5ebe6c2414253b3

Score

10^/10

qakbot spx123 1589977350 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

spx123

Campaign

1589977350

C2

71.77.252.14:2222

174.130.225.61:443

76.187.97.98:2222

187.19.151.218:995

82.127.193.151:2222

72.204.242.138:993

72.204.242.138:993

66.208.105.6:443

24.183.39.93:443

98.243.187.85:443

68.49.120.179:443

72.204.242.138:995

72.29.181.77:2078

72.204.242.138:443

24.136.33.120:2222

96.56.237.174:990

107.2.148.99:443

216.201.162.158:443

71.213.29.14:995

84.247.55.190:443

Targets

- Target
  
  Darlehensvertrag_237886470423_19052020.vbs
- Size
  
  36.3MB
- MD5
  
  a6eb9d904fc5eddda76ad4f9cf678e03
- SHA1
  
  c370a3c9e108ae2452dfdedc91a2aa04634c7002
- SHA256
  
  dfacae17a54e54e9b25d77399619859ed6b196318bd06341c22c7a8b4a090254
- SHA512
  
  c00ac4ecaf2623ac4eb4d47191b3b0608d80bd3da552310652a2ccbc306b408f8c0d6d9e3f35208e2ad93b0c7a872ff8c055db7f2a3ecbb259ae639b55d780fb
Score

10^/10

trojan banker stealer qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

trojanbankerstealerqakbot

behavioral2

trojanbankerstealerqakbot