qakbot | ac6e0692344b93b9f4e147ddac09b597ca51e268d4002174ccaa6982f57eb46e | Triage

Sharing

General

Target

711f31ab27f8b6aeb0531543e8310a0d.dll
Size

255KB
Sample

201125-fn8l6qafcs
MD5

711f31ab27f8b6aeb0531543e8310a0d
SHA1

71ab68867f3a3945158f3183a312aac4bd89bfe2
SHA256

ac6e0692344b93b9f4e147ddac09b597ca51e268d4002174ccaa6982f57eb46e
SHA512

fb9128b16d2cb28101d947f5dc0889ac35bf387c9190137091d3bc8e4b1b8a60751f7a3e5aa0810a72d8a960cb4e442d02af2279d29bae338bdd3dfc00c2fda8

Score

10^/10

qakbot abc101 1606294013 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

abc101

Campaign

1606294013

C2

98.115.243.237:443

78.101.21.73:443

185.163.221.77:2222

2.51.246.190:995

2.50.2.11:995

175.137.79.81:443

42.201.228.106:995

185.246.9.69:995

81.133.234.36:2222

24.205.42.241:443

73.239.229.107:995

102.185.58.126:443

173.245.152.231:443

105.101.216.210:443

89.137.195.167:995

174.76.21.134:443

41.238.217.126:6881

47.138.204.19:443

79.166.83.103:2222

92.154.83.96:1194

Targets

- Target
  
  711f31ab27f8b6aeb0531543e8310a0d.dll
- Size
  
  255KB
- MD5
  
  711f31ab27f8b6aeb0531543e8310a0d
- SHA1
  
  71ab68867f3a3945158f3183a312aac4bd89bfe2
- SHA256
  
  ac6e0692344b93b9f4e147ddac09b597ca51e268d4002174ccaa6982f57eb46e
- SHA512
  
  fb9128b16d2cb28101d947f5dc0889ac35bf387c9190137091d3bc8e4b1b8a60751f7a3e5aa0810a72d8a960cb4e442d02af2279d29bae338bdd3dfc00c2fda8
Score

10^/10

qakbot abc101 1606294013 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc1011606294013bankerstealertrojan

behavioral2

qakbotabc1011606294013bankerstealertrojan