qakbot | ec38eb6ee133958ef6cc3bfa257d9368c615b3182d22282f63d12ca7f2b2c5be | Triage

Sharing

General

Target

444444.png
Size

2.3MB
Sample

200526-xk49bs3f4x
MD5

f8849261a9db65164958d8c99ebc1f13
SHA1

004818f4c927ba99a0694fd94cc754dd4df731fd
SHA256

ec38eb6ee133958ef6cc3bfa257d9368c615b3182d22282f63d12ca7f2b2c5be
SHA512

7532e2943353bc7c38b54c7c128f27cccc41cfc2e5dfc86cd899de5c50b1af102f2dbd6648086a9d2d8b38797c27b6555fb2803594e2b7d1de266418e0b86bde

Score

10^/10

qakbot spx96 1586873043 banker evasion persistence stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

spx96

Campaign

1586873043

C2

72.209.191.27:443

173.22.120.11:2222

108.227.161.27:995

172.87.134.226:443

181.197.195.138:995

98.21.52.194:443

76.180.69.236:443

68.98.142.248:443

68.52.164.175:443

39.59.63.142:995

35.142.126.181:443

96.35.170.82:2222

75.111.145.5:443

47.214.144.253:443

74.105.139.160:443

67.8.103.21:443

50.108.212.180:443

83.25.7.201:2222

188.25.237.208:443

184.167.2.251:2222

Targets

- Target
  
  444444.png
- Size
  
  2.3MB
- MD5
  
  f8849261a9db65164958d8c99ebc1f13
- SHA1
  
  004818f4c927ba99a0694fd94cc754dd4df731fd
- SHA256
  
  ec38eb6ee133958ef6cc3bfa257d9368c615b3182d22282f63d12ca7f2b2c5be
- SHA512
  
  7532e2943353bc7c38b54c7c128f27cccc41cfc2e5dfc86cd899de5c50b1af102f2dbd6648086a9d2d8b38797c27b6555fb2803594e2b7d1de266418e0b86bde
Score

10^/10

evasion trojan persistence banker stealer qakbot
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Turns off Windows Defender SpyNet reporting
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run entry to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencetrojanbankerstealerqakbotevasion

behavioral2

persistencetrojanbankerstealerqakbotevasion