qakbot | 4f1fa4e10f6e48c0a9a818f06f09955f2aeec7fe8b25708d5f5b0d1b8e8ec63c | Triage

Sharing

General

Target

1412.exe
Size

2.2MB
Sample

201215-s19s4ct94j
MD5

137a73c7616a191b8941c8d96108879a
SHA1

79c2a58eeab8aeeb53e9d4f37b78826b4fb62383
SHA256

4f1fa4e10f6e48c0a9a818f06f09955f2aeec7fe8b25708d5f5b0d1b8e8ec63c
SHA512

bb813772643c89007185dffde5a19c1c6c5ffc660633a74279fb2d7e27813e60da28a35eb4b28411ac1aea3a014a399c12da81191e93d7d0aaece0bbca10e0b7

Score

10^/10

qakbot tr02 1608026105 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

tr02

Campaign

1608026105

C2

111.95.212.237:2222

190.220.8.10:995

109.154.79.222:2222

83.110.250.71:995

149.28.99.97:2222

45.63.107.192:443

149.28.101.90:2222

149.28.101.90:995

149.28.99.97:443

149.28.98.196:443

144.202.38.185:2222

45.77.115.208:995

149.28.98.196:2222

149.28.98.196:995

149.28.99.97:995

45.63.107.192:2222

144.202.38.185:995

144.202.38.185:443

45.63.107.192:995

5.13.84.186:995

Targets

- Target
  
  1412.exe
- Size
  
  2.2MB
- MD5
  
  137a73c7616a191b8941c8d96108879a
- SHA1
  
  79c2a58eeab8aeeb53e9d4f37b78826b4fb62383
- SHA256
  
  4f1fa4e10f6e48c0a9a818f06f09955f2aeec7fe8b25708d5f5b0d1b8e8ec63c
- SHA512
  
  bb813772643c89007185dffde5a19c1c6c5ffc660633a74279fb2d7e27813e60da28a35eb4b28411ac1aea3a014a399c12da81191e93d7d0aaece0bbca10e0b7
Score

10^/10

qakbot tr02 1608026105 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbottr021608026105bankerstealertrojan

behavioral2

qakbottr021608026105bankerstealertrojan