qakbot | 315c4502f7d1d792cb7b03d021d9955a96834048ea3e1d6dd0e0b13b2c51bcf6 | Triage

Sharing

General

Target

qbot
Size

2.2MB
Sample

210113-e9fq4bj6fs
MD5

af7ab54448daab0414002cf2e871a8c1
SHA1

78f66416f2527dface322a280398fad627e627fc
SHA256

315c4502f7d1d792cb7b03d021d9955a96834048ea3e1d6dd0e0b13b2c51bcf6
SHA512

5f49f3574b189f407107892ffbc5c08edf019101e5c6c5f4f9b36cf313fab3c0c3fca1a5ef180dbd8c7d1e4a85691817c8e344919650e7ab07534f260006f71e

Score

10^/10

qakbot tr02 1608026105 banker cryptone packer stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

tr02

Campaign

1608026105

C2

111.95.212.237:2222

190.220.8.10:995

109.154.79.222:2222

83.110.250.71:995

149.28.99.97:2222

45.63.107.192:443

149.28.101.90:2222

149.28.101.90:995

149.28.99.97:443

149.28.98.196:443

144.202.38.185:2222

45.77.115.208:995

149.28.98.196:2222

149.28.98.196:995

149.28.99.97:995

45.63.107.192:2222

144.202.38.185:995

144.202.38.185:443

45.63.107.192:995

5.13.84.186:995

Targets

- Target
  
  qbot
- Size
  
  2.2MB
- MD5
  
  af7ab54448daab0414002cf2e871a8c1
- SHA1
  
  78f66416f2527dface322a280398fad627e627fc
- SHA256
  
  315c4502f7d1d792cb7b03d021d9955a96834048ea3e1d6dd0e0b13b2c51bcf6
- SHA512
  
  5f49f3574b189f407107892ffbc5c08edf019101e5c6c5f4f9b36cf313fab3c0c3fca1a5ef180dbd8c7d1e4a85691817c8e344919650e7ab07534f260006f71e
Score

10^/10

qakbot tr02 1608026105 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbottr021608026105bankerstealertrojan

behavioral2

qakbottr021608026105bankerstealertrojan