qakbot | 71e2483b2d36765651132c9c1f935784a2008a91159b0ee3bbfb94193d0d644e | Triage

Sharing

General

Target

71e2483b2d36765651132c9c1f935784a2008a91159b0ee3bbfb94193d0d644e
Size

402KB
Sample

210114-aeyds483ye
MD5

74d8ec87fcc6d4fb65dea95cbf0b7ed0
SHA1

0907206e93cbf8492e673c59855965bb6bd9d6aa
SHA256

71e2483b2d36765651132c9c1f935784a2008a91159b0ee3bbfb94193d0d644e
SHA512

5fff54384cf81a4fb2b27b25bd574630b85dbf8d1b9a9f94188720e92ee3ba8e9ed0e921922e2bba29748a2d5892330faa3780595c6977ae645170e94fb5438b

Score

10^/10

qakbot tr02 1607427512 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

tr02

Campaign

1607427512

C2

73.32.115.251:443

161.199.180.159:443

185.163.221.77:2222

197.161.154.132:443

105.198.236.99:443

83.196.50.197:2222

96.225.88.23:443

156.222.27.207:995

81.214.126.173:2222

83.110.13.182:2222

85.121.42.12:443

67.82.244.199:2222

172.87.157.235:3389

86.176.133.145:2222

72.186.1.237:443

80.11.5.65:2222

94.59.236.155:995

81.150.181.168:2222

184.98.97.227:995

149.28.101.90:443

Targets

- Target
  
  71e2483b2d36765651132c9c1f935784a2008a91159b0ee3bbfb94193d0d644e
- Size
  
  402KB
- MD5
  
  74d8ec87fcc6d4fb65dea95cbf0b7ed0
- SHA1
  
  0907206e93cbf8492e673c59855965bb6bd9d6aa
- SHA256
  
  71e2483b2d36765651132c9c1f935784a2008a91159b0ee3bbfb94193d0d644e
- SHA512
  
  5fff54384cf81a4fb2b27b25bd574630b85dbf8d1b9a9f94188720e92ee3ba8e9ed0e921922e2bba29748a2d5892330faa3780595c6977ae645170e94fb5438b
Score

10^/10

qakbot tr02 1607427512 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbottr021607427512bankerstealertrojan

behavioral2

qakbottr021607427512bankerstealertrojan