qakbot | 692aa8adc305de52bc4c784fc272aaf943b4f8128162b712b24444342078c751 | Triage

Sharing

General

Target

692aa8adc305de52bc4c784fc272aaf943b4f8128162b712b24444342078c751.bin
Size

2.0MB
Sample

201210-4266mhr6dx
MD5

136b75b273e9889814978d89a2f304be
SHA1

e384d4b120d6bc072e5517ecfe30e17cea8b901e
SHA256

692aa8adc305de52bc4c784fc272aaf943b4f8128162b712b24444342078c751
SHA512

6272c00f4ebc3518cb98a4147c504078f7d675c4ba9c0e283b50986292c378970f445175ec187e86254f153708d570a7ce0261d54d4e265fbd6add919263326b

Score

10^/10

qakbot tr02 1607427512 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

tr02

Campaign

1607427512

C2

73.32.115.251:443

161.199.180.159:443

185.163.221.77:2222

197.161.154.132:443

105.198.236.99:443

83.196.50.197:2222

96.225.88.23:443

156.222.27.207:995

81.214.126.173:2222

83.110.13.182:2222

85.121.42.12:443

67.82.244.199:2222

172.87.157.235:3389

86.176.133.145:2222

72.186.1.237:443

80.11.5.65:2222

94.59.236.155:995

81.150.181.168:2222

184.98.97.227:995

149.28.101.90:443

Targets

- Target
  
  692aa8adc305de52bc4c784fc272aaf943b4f8128162b712b24444342078c751.bin
- Size
  
  2.0MB
- MD5
  
  136b75b273e9889814978d89a2f304be
- SHA1
  
  e384d4b120d6bc072e5517ecfe30e17cea8b901e
- SHA256
  
  692aa8adc305de52bc4c784fc272aaf943b4f8128162b712b24444342078c751
- SHA512
  
  6272c00f4ebc3518cb98a4147c504078f7d675c4ba9c0e283b50986292c378970f445175ec187e86254f153708d570a7ce0261d54d4e265fbd6add919263326b
Score

10^/10

qakbot tr02 1607427512 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbottr021607427512bankerstealertrojan

behavioral2

qakbottr021607427512bankerstealertrojan