qakbot | b51044c0907e71393cb3eed65be6f7f84ff0a75b26c5f7f64d57d58d355c514e | Triage

Sharing

General

Target

b51044c0907e71393cb3eed65be6f7f84ff0a75b26c5f7f64d57d58d355c514e
Size

494KB
Sample

210114-kk43ccgwhe
MD5

d14cb0d6b42ba7ff6e4c49ad729603b2
SHA1

f25ad777383a2de4e12eb3b3ae47f5eafa070dc3
SHA256

b51044c0907e71393cb3eed65be6f7f84ff0a75b26c5f7f64d57d58d355c514e
SHA512

96ee19298e4aa013c752cd46a9314a5a59e4dd3cfd767871350990de195e09c6f32910a042e1635a9a86c254cc1420277520803513ee993e21cbd89d9afc94cc

Score

10^/10

qakbot abc102 1606735229 banker persistence stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

abc102

Campaign

1606735229

C2

98.26.50.62:995

98.4.227.199:443

106.51.52.111:443

2.88.53.159:995

83.196.50.197:2222

92.137.138.52:2222

89.33.87.107:443

185.105.131.233:443

80.106.85.24:2222

197.161.154.132:443

79.129.121.81:995

217.133.54.140:32100

118.70.55.146:443

86.97.221.121:443

194.243.78.225:443

87.27.110.90:2222

196.151.252.84:443

85.121.42.12:443

90.23.117.67:2222

197.45.110.165:995

Targets

- Target
  
  b51044c0907e71393cb3eed65be6f7f84ff0a75b26c5f7f64d57d58d355c514e
- Size
  
  494KB
- MD5
  
  d14cb0d6b42ba7ff6e4c49ad729603b2
- SHA1
  
  f25ad777383a2de4e12eb3b3ae47f5eafa070dc3
- SHA256
  
  b51044c0907e71393cb3eed65be6f7f84ff0a75b26c5f7f64d57d58d355c514e
- SHA512
  
  96ee19298e4aa013c752cd46a9314a5a59e4dd3cfd767871350990de195e09c6f32910a042e1635a9a86c254cc1420277520803513ee993e21cbd89d9afc94cc
Score

10^/10

qakbot abc102 1606735229 banker stealer trojan persistence
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotabc1021606735229bankerstealertrojan

behavioral2

qakbotabc1021606735229bankerpersistencestealertrojan