qakbot | 810bc0614987d774e1c5676979b9b3c7000479dfffc5d729b41e14469927d78a | Triage

Sharing

General

Target

SecuriteInfo.com.BackDoor.Qbot.561.8194.28956
Size

2.0MB
Sample

201210-75bgr9v35x
MD5

7adc27e4fe071b189bc62700b8f4db57
SHA1

95ac48411ef8f4d35ac04f79a41d48ed91c07312
SHA256

810bc0614987d774e1c5676979b9b3c7000479dfffc5d729b41e14469927d78a
SHA512

1c49a75e1dde6718a75d5e5176bd18ab4a5572e6af8c60f5289fb6c69e18817ecb41abc7da88ca8a6b060d635821e1d1f2fa3cba1cb193ac241d7bfd0f3e1396

Score

10^/10

qakbot abc109 1607499808 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

abc109

Campaign

1607499808

C2

37.210.255.225:443

83.110.13.182:2222

74.75.237.11:443

5.193.106.230:2078

86.125.205.97:443

58.152.9.133:443

83.110.221.218:443

178.87.49.9:443

217.128.117.218:2222

78.63.226.32:443

85.204.189.105:443

217.133.54.140:32100

87.27.110.90:2222

90.23.117.67:2222

94.69.242.254:2222

72.182.209.97:2222

89.137.211.239:443

197.45.110.165:995

105.198.236.99:443

39.32.72.187:995

Targets

- Target
  
  SecuriteInfo.com.BackDoor.Qbot.561.8194.28956
- Size
  
  2.0MB
- MD5
  
  7adc27e4fe071b189bc62700b8f4db57
- SHA1
  
  95ac48411ef8f4d35ac04f79a41d48ed91c07312
- SHA256
  
  810bc0614987d774e1c5676979b9b3c7000479dfffc5d729b41e14469927d78a
- SHA512
  
  1c49a75e1dde6718a75d5e5176bd18ab4a5572e6af8c60f5289fb6c69e18817ecb41abc7da88ca8a6b060d635821e1d1f2fa3cba1cb193ac241d7bfd0f3e1396
Score

10^/10

qakbot abc109 1607499808 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotabc1091607499808bankerstealertrojan

behavioral2

qakbotabc1091607499808bankerstealertrojan