qakbot | ac11418eab2ce452eee06a6fc218716ded1748ad0a94a7e28e2454544a80e094 | Triage

Sharing

General

Target

4574557[1].png
Size

1.0MB
Sample

201124-ldbnb9zmyx
MD5

8f84a75f05de69afb3326e24318117a2
SHA1

b96e0de50f0215d6b07095a89e93f56aa83fde2b
SHA256

ac11418eab2ce452eee06a6fc218716ded1748ad0a94a7e28e2454544a80e094
SHA512

35159cb15ea90bf47c4bcad4518e972b9b7be1c2c000d73f9a1dacd76590a42d0df9a684793a703765f3c56879e03a9208b39061ba41a9c5d08963f4d79527b0

Score

10^/10

qakbot abc030 1605174628 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

abc030

Campaign

1605174628

C2

203.198.96.163:443

78.125.133.231:443

37.105.231.62:443

173.245.152.231:443

85.60.132.8:2078

47.44.217.98:443

24.55.66.125:443

73.166.10.38:995

85.105.29.218:443

92.154.83.96:1194

72.179.13.59:443

86.97.191.98:2222

78.101.234.58:443

108.160.123.244:443

90.148.201.218:995

46.53.21.97:443

90.53.103.157:2222

2.50.169.188:443

173.197.22.90:2222

217.165.2.92:995

Targets

- Target
  
  4574557[1].png
- Size
  
  1.0MB
- MD5
  
  8f84a75f05de69afb3326e24318117a2
- SHA1
  
  b96e0de50f0215d6b07095a89e93f56aa83fde2b
- SHA256
  
  ac11418eab2ce452eee06a6fc218716ded1748ad0a94a7e28e2454544a80e094
- SHA512
  
  35159cb15ea90bf47c4bcad4518e972b9b7be1c2c000d73f9a1dacd76590a42d0df9a684793a703765f3c56879e03a9208b39061ba41a9c5d08963f4d79527b0
Score

10^/10

qakbot abc030 1605174628 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotabc0301605174628bankerstealertrojan

behavioral2

qakbotabc0301605174628bankerstealertrojan