qakbot | 6eea974b834e03d9403cd094e8dc551a2c35c5853ec7da05a94061924795aaab | Triage

Sharing

General

Target

2222222222.dll
Size

707KB
Sample

201217-v7br94rf4j
MD5

b58aeb218444e25f10d7c0229660d02a
SHA1

fc4a42f35d605496bae0252af88b7f95cd9ebcaf
SHA256

6eea974b834e03d9403cd094e8dc551a2c35c5853ec7da05a94061924795aaab
SHA512

0c0a174389159dd8eb5e098f7a40bd4d63bf6dc14a60b7566586c36844fc25c1b6677454e1924b373da946189054b25fe44cda22434d5e96d5a38c2faf1fd40b

Score

10^/10

qakbot abc115 1608200390 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

abc115

Campaign

1608200390

C2

95.76.27.6:443

35.139.242.207:443

93.86.1.159:995

190.30.186.43:443

151.60.38.21:443

5.2.212.254:443

39.36.112.67:995

78.63.226.32:443

68.131.19.52:443

86.121.43.200:443

47.44.217.98:443

5.204.148.208:995

2.91.235.94:443

217.133.54.140:32100

86.121.3.80:443

82.76.47.211:443

5.193.148.126:2078

109.205.204.229:2222

82.12.157.95:995

45.77.115.208:2222

Targets

- Target
  
  2222222222.dll
- Size
  
  707KB
- MD5
  
  b58aeb218444e25f10d7c0229660d02a
- SHA1
  
  fc4a42f35d605496bae0252af88b7f95cd9ebcaf
- SHA256
  
  6eea974b834e03d9403cd094e8dc551a2c35c5853ec7da05a94061924795aaab
- SHA512
  
  0c0a174389159dd8eb5e098f7a40bd4d63bf6dc14a60b7566586c36844fc25c1b6677454e1924b373da946189054b25fe44cda22434d5e96d5a38c2faf1fd40b
Score

10^/10

qakbot abc115 1608200390 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotabc1151608200390bankerstealertrojan

behavioral2

qakbotabc1151608200390bankerstealertrojan