qakbot | 6f7d90eaf620223280720a36a4e2e43ffa1d7b5870f5c04962a3e204252c2d93 | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.Agent.FAPR.6060.15343
Size

615KB
Sample

201216-zqzch2zk3s
MD5

1608335e1d7c1e187db45a819888cde0
SHA1

d738a66aabf12da845691129c613c68ec03021ed
SHA256

6f7d90eaf620223280720a36a4e2e43ffa1d7b5870f5c04962a3e204252c2d93
SHA512

ba87b2a4b96934a4128b92e32c098cdbe48948e48c63c931bb33975bc892d908fa4872d771be40d2f2717f16945b72a9fa54a9a2fc58b85bd76718bf8a921360

Score

10^/10

qakbot abc113 1608027772 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

abc113

Campaign

1608027772

C2

35.139.242.207:443

71.117.132.169:443

39.36.112.67:995

90.201.21.58:443

188.210.229.205:443

86.121.43.200:443

202.188.138.162:443

51.235.149.29:443

113.193.187.2:995

217.133.54.140:32100

47.44.217.98:443

81.97.154.100:443

72.66.47.70:443

193.248.154.174:2222

80.227.5.70:443

140.82.49.12:443

24.139.72.117:443

64.225.166.16:2222

189.183.206.109:443

111.95.212.237:2222

Targets

- Target
  
  SecuriteInfo.com.Trojan.Agent.FAPR.6060.15343
- Size
  
  615KB
- MD5
  
  1608335e1d7c1e187db45a819888cde0
- SHA1
  
  d738a66aabf12da845691129c613c68ec03021ed
- SHA256
  
  6f7d90eaf620223280720a36a4e2e43ffa1d7b5870f5c04962a3e204252c2d93
- SHA512
  
  ba87b2a4b96934a4128b92e32c098cdbe48948e48c63c931bb33975bc892d908fa4872d771be40d2f2717f16945b72a9fa54a9a2fc58b85bd76718bf8a921360
Score

10^/10

qakbot abc113 1608027772 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotabc1131608027772bankerstealertrojan

behavioral2

qakbotabc1131608027772bankerstealertrojan