qakbot | 87c930e77cd473619be820cb72acc0b1367c13cfe8f21d1755ad888aab8f159f | Triage

Sharing

General

Target

SecuriteInfo.com.BackDoor.Qbot.561.21011.2013
Size

2.0MB
Sample

201210-yhv98bsb1n
MD5

eee87c1dfab749cabb2d46c42e651712
SHA1

5823d123779f72f4826334caf595a932259bbdd3
SHA256

87c930e77cd473619be820cb72acc0b1367c13cfe8f21d1755ad888aab8f159f
SHA512

1d8dcd0d305c6abee8530f7e4ab582cd66e5eca62a3d9417a647dd963f634e68619940d7501fc08d90d12016fc6c02f6975b90ab5dbe1b85ec9a2ce3ef3bdc0a

Score

10^/10

qakbot abc109 1607499808 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

abc109

Campaign

1607499808

C2

37.210.255.225:443

83.110.13.182:2222

74.75.237.11:443

5.193.106.230:2078

86.125.205.97:443

58.152.9.133:443

83.110.221.218:443

178.87.49.9:443

217.128.117.218:2222

78.63.226.32:443

85.204.189.105:443

217.133.54.140:32100

87.27.110.90:2222

90.23.117.67:2222

94.69.242.254:2222

72.182.209.97:2222

89.137.211.239:443

197.45.110.165:995

105.198.236.99:443

39.32.72.187:995

Targets

- Target
  
  SecuriteInfo.com.BackDoor.Qbot.561.21011.2013
- Size
  
  2.0MB
- MD5
  
  eee87c1dfab749cabb2d46c42e651712
- SHA1
  
  5823d123779f72f4826334caf595a932259bbdd3
- SHA256
  
  87c930e77cd473619be820cb72acc0b1367c13cfe8f21d1755ad888aab8f159f
- SHA512
  
  1d8dcd0d305c6abee8530f7e4ab582cd66e5eca62a3d9417a647dd963f634e68619940d7501fc08d90d12016fc6c02f6975b90ab5dbe1b85ec9a2ce3ef3bdc0a
Score

10^/10

qakbot abc109 1607499808 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotabc1091607499808bankerstealertrojan

behavioral2

qakbotabc1091607499808bankerstealertrojan