qakbot | f2ec4d6a4cf9e3a9ffd51292ca722f8e4cb860e047bea963e5d76f94221e184a | Triage

Sharing

General

Target

f2ec4d6a4cf9e3a9ffd51292ca722f8e4cb860e047bea963e5d76f94221e184a
Size

251KB
Sample

201125-nlyz3s6ktj
MD5

a710a42b010bc82a53107a73f6e0d0ef
SHA1

5f0f2c19bb57f164c49b02c6bb066b1e27779c6c
SHA256

f2ec4d6a4cf9e3a9ffd51292ca722f8e4cb860e047bea963e5d76f94221e184a
SHA512

6e7f5de74a2fed73cae068c3e8a196630d2257c5b213d6f3ba6887bffc0ee829c34fae2061d8bf89594ee5f8da88645bba24cf8301cc271757b68344882b18dc

Score

10^/10

qakbot abc100 1606207839 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

abc100

Campaign

1606207839

C2

37.6.223.237:995

2.51.246.190:995

37.211.86.156:443

42.201.228.106:995

50.29.166.232:995

102.185.58.126:443

81.133.234.36:2222

2.50.89.158:995

79.166.83.103:2222

173.245.152.231:443

2.86.41.23:2222

93.151.180.170:61202

24.179.13.119:443

24.152.219.253:995

105.198.236.99:443

24.205.42.241:443

176.58.132.212:2222

151.73.126.156:443

94.52.68.72:443

47.146.169.85:443

Targets

- Target
  
  f2ec4d6a4cf9e3a9ffd51292ca722f8e4cb860e047bea963e5d76f94221e184a
- Size
  
  251KB
- MD5
  
  a710a42b010bc82a53107a73f6e0d0ef
- SHA1
  
  5f0f2c19bb57f164c49b02c6bb066b1e27779c6c
- SHA256
  
  f2ec4d6a4cf9e3a9ffd51292ca722f8e4cb860e047bea963e5d76f94221e184a
- SHA512
  
  6e7f5de74a2fed73cae068c3e8a196630d2257c5b213d6f3ba6887bffc0ee829c34fae2061d8bf89594ee5f8da88645bba24cf8301cc271757b68344882b18dc
Score

10^/10

qakbot abc100 1606207839 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotabc1001606207839bankerstealertrojan

behavioral2

qakbotabc1001606207839bankerstealertrojan