qakbot | 9aeb58da5439915bbf9889579c3d7e5e80ec65d3225316bf03034b95dadf2779 | Triage

Sharing

General

Target

5555555555.jpg
Size

223KB
Sample

201215-w9ry942m6n
MD5

cfd5809e2748451f37957ccc615f4cf0
SHA1

1ef5cb10323ae79b57fe8e6d77e313297c8ae3cf
SHA256

9aeb58da5439915bbf9889579c3d7e5e80ec65d3225316bf03034b95dadf2779
SHA512

5a384da49169ab9efc4074a0821fe8b3330607c8d3a49cdb3fc57ac90986dbcf85c0c7a6d27d33d0b1be80aa4c975a28dfc1033fb8fa93003183363e1f896605

Score

10^/10

qakbot abc112 1607942962 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

abc112

Campaign

1607942962

C2

66.26.160.37:443

84.78.128.76:2222

45.250.69.150:443

108.31.15.10:995

50.244.112.10:995

47.146.34.236:443

24.95.61.62:443

31.5.21.66:995

59.99.37.134:443

79.115.134.161:443

39.57.127.126:995

120.151.95.167:443

47.44.217.98:443

32.212.117.188:443

37.21.231.245:995

184.97.145.239:443

86.121.3.80:443

83.110.97.149:443

83.194.193.247:2222

78.101.158.1:61201

Targets

- Target
  
  5555555555.jpg
- Size
  
  223KB
- MD5
  
  cfd5809e2748451f37957ccc615f4cf0
- SHA1
  
  1ef5cb10323ae79b57fe8e6d77e313297c8ae3cf
- SHA256
  
  9aeb58da5439915bbf9889579c3d7e5e80ec65d3225316bf03034b95dadf2779
- SHA512
  
  5a384da49169ab9efc4074a0821fe8b3330607c8d3a49cdb3fc57ac90986dbcf85c0c7a6d27d33d0b1be80aa4c975a28dfc1033fb8fa93003183363e1f896605
Score

10^/10

qakbot abc112 1607942962 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotabc1121607942962bankerstealertrojan

behavioral2

qakbotabc1121607942962bankerstealertrojan