qakbot | 871dd1a75e5557157a81c4064f8b4560b59d006d5469608b10c57c2808219cc6 | Triage

Sharing

General

Target

871dd1a75e5557157a81c4064f8b4560b59d006d5469608b10c57c2808219cc6
Size

2.0MB
Sample

210114-n1vtya2j7a
MD5

0396a15412bd623181eb1c52f678aa6d
SHA1

237f7a110ad7ad1d380a9549c74afd3d4678b31f
SHA256

871dd1a75e5557157a81c4064f8b4560b59d006d5469608b10c57c2808219cc6
SHA512

4b09df2f53640295a8816633b9b6d039dc1fb800dcc359cef25287905841a8a19185458450790f5a6c31cd843409bf2c23accb2c676bc9e126f4a674b9a33c0b

Score

10^/10

qakbot abc110 1607524278 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

abc110

Campaign

1607524278

C2

78.63.226.32:443

72.252.201.69:443

68.190.152.98:443

72.240.200.181:2222

216.137.142.200:2222

87.27.110.90:2222

94.69.242.254:2222

189.183.209.211:443

94.26.119.221:443

186.189.208.238:443

161.199.180.159:443

197.45.110.165:995

83.110.221.218:443

105.198.236.99:443

83.110.158.22:2222

24.37.178.158:443

185.105.131.233:443

79.101.206.250:995

92.154.83.96:2078

83.202.68.220:2222

Targets

- Target
  
  871dd1a75e5557157a81c4064f8b4560b59d006d5469608b10c57c2808219cc6
- Size
  
  2.0MB
- MD5
  
  0396a15412bd623181eb1c52f678aa6d
- SHA1
  
  237f7a110ad7ad1d380a9549c74afd3d4678b31f
- SHA256
  
  871dd1a75e5557157a81c4064f8b4560b59d006d5469608b10c57c2808219cc6
- SHA512
  
  4b09df2f53640295a8816633b9b6d039dc1fb800dcc359cef25287905841a8a19185458450790f5a6c31cd843409bf2c23accb2c676bc9e126f4a674b9a33c0b
Score

10^/10

qakbot abc110 1607524278 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotabc1101607524278bankerstealertrojan

behavioral2

qakbotabc1101607524278bankerstealertrojan