qakbot | aea50f2da1e4b98495b968867acd0cf538e1746e0eb5e0cda939846dd6e04ef0 | Triage

Sharing

General

Target

SecuriteInfo.com.Mal.EncPk-APV.25148.2058
Size

2.2MB
Sample

201216-ngcmwkq1cx
MD5

2d93a414f1ae726f1076b9cee666fea7
SHA1

92f0a87d35d6a6d75022600771cd62d2d3d6f01d
SHA256

aea50f2da1e4b98495b968867acd0cf538e1746e0eb5e0cda939846dd6e04ef0
SHA512

89bc350974b249996f09f8ba161a912513c0d3c6b916f65af8eee8645a8b21a12948b76889dc617042712229c7a45d218056379edaf67476e45c2297af945ce9

Score

10^/10

qakbot abc114 1608129413 banker cryptone packer stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

abc114

Campaign

1608129413

C2

86.127.22.190:443

35.139.242.207:443

108.190.194.146:2222

187.213.199.54:443

68.83.89.188:443

41.233.152.232:993

196.151.252.84:443

181.208.249.141:443

172.87.134.226:443

96.27.47.70:2222

83.110.109.78:2222

93.86.1.159:995

217.162.149.212:443

80.11.210.247:443

72.252.201.69:443

185.163.221.77:2222

189.62.175.92:22

95.76.27.6:443

45.77.115.208:443

187.213.82.104:995

Targets

- Target
  
  SecuriteInfo.com.Mal.EncPk-APV.25148.2058
- Size
  
  2.2MB
- MD5
  
  2d93a414f1ae726f1076b9cee666fea7
- SHA1
  
  92f0a87d35d6a6d75022600771cd62d2d3d6f01d
- SHA256
  
  aea50f2da1e4b98495b968867acd0cf538e1746e0eb5e0cda939846dd6e04ef0
- SHA512
  
  89bc350974b249996f09f8ba161a912513c0d3c6b916f65af8eee8645a8b21a12948b76889dc617042712229c7a45d218056379edaf67476e45c2297af945ce9
Score

10^/10

qakbot abc114 1608129413 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotabc1141608129413bankerstealertrojan

behavioral2

qakbotabc1141608129413bankerstealertrojan