qakbot | 326143f1eda171a6e762176069955d7a88f13146a8a728fcbb46f2a723b7ed85

General

Target

111114.jpg
Size

2.9MB
Sample

201126-75l4srkxpj
MD5

0dacee73e7dfebff09da74af78fb8c2e
SHA1

3c54a5b4f78c217849a704d352183b3b0d649565
SHA256

326143f1eda171a6e762176069955d7a88f13146a8a728fcbb46f2a723b7ed85
SHA512

f8d4e681036e69d0db3cce0beaa8b45b43811d410b25a932415ad1f6c14c615d2cb15893180966f9f4a5c858a1de2e14ff9662a84eb68dafeb4a5861af8f218f

Score

10^/10

Malware Config

Extracted

Family

qakbot

Botnet

abc100

Campaign

1606289576

C2

198.2.35.226:2222

84.78.128.76:2078

120.150.34.178:443

24.201.61.153:2078

217.128.117.218:2222

217.133.54.140:32100

156.205.56.98:995

98.26.50.62:995

172.114.116.226:995

109.209.94.165:2222

72.190.101.70:443

92.59.35.196:2083

37.107.82.136:443

85.132.36.111:2222

174.76.11.123:995

219.74.176.225:443

98.118.156.172:443

94.59.120.142:443

72.29.181.78:2078

178.223.20.246:995

Targets

- Target
  
  111114.jpg
- Size
  
  2.9MB
- MD5
  
  0dacee73e7dfebff09da74af78fb8c2e
- SHA1
  
  3c54a5b4f78c217849a704d352183b3b0d649565
- SHA256
  
  326143f1eda171a6e762176069955d7a88f13146a8a728fcbb46f2a723b7ed85
- SHA512
  
  f8d4e681036e69d0db3cce0beaa8b45b43811d410b25a932415ad1f6c14c615d2cb15893180966f9f4a5c858a1de2e14ff9662a84eb68dafeb4a5861af8f218f
Score

10^/10

qakbot abc100 1606289576 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2