qakbot | 8c873be78ec336dc185d18219f0f3c03bb1f2821b39ecaed5295f5c951b12106 | Triage

Sharing

General

Target

Document_1982672596-Copy.zip
Size

24KB
Sample

201214-37ah9qk7dn
MD5

a1f6091b1158c91ca98d1557ec59ff78
SHA1

8301e7a772a28f18150ecad68e557a36ae787639
SHA256

8c873be78ec336dc185d18219f0f3c03bb1f2821b39ecaed5295f5c951b12106
SHA512

774024106ec3e10ab0932273df7cb8a76d11a59058831f97d43da6ac71cbec979eb077ac0a1f740551454676795cecf95d75015cf799c75d652cbcc8aba2ef03

Score

10^/10

qakbot abc112 1607942962 banker macro stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

abc112

Campaign

1607942962

C2

66.26.160.37:443

84.78.128.76:2222

45.250.69.150:443

108.31.15.10:995

50.244.112.10:995

47.146.34.236:443

24.95.61.62:443

31.5.21.66:995

59.99.37.134:443

79.115.134.161:443

39.57.127.126:995

120.151.95.167:443

47.44.217.98:443

32.212.117.188:443

37.21.231.245:995

184.97.145.239:443

86.121.3.80:443

83.110.97.149:443

83.194.193.247:2222

78.101.158.1:61201

Targets

- Target
  
  Document_1982672596-Copy.xls
- Size
  
  54KB
- MD5
  
  20a1ffc4f5be32a69bd900a51cb6f395
- SHA1
  
  7788a4ff80bcbbe757c498f196910ee90cec9b53
- SHA256
  
  386ea998284cb890f93c36162665180b6f2b6386350b2cfdec9daadfdbb3a82e
- SHA512
  
  2a6fe5e45d20a4fd5e90982e7109a30893f36ac65d5a691005b640dd11617c32357841d65a6032eb71d887f312dabfeda6dc0b661bf70a3fcc50a18cea58790c
Score

10^/10

qakbot abc112 1607942962 banker stealer trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

qakbotabc1121607942962bankerstealertrojan