qakbot | fc7a4edf9d9984d4a53b4296f0d0160436144bc5631b8c5b445a86f3bfa9ff61 | Triage

Sharing

General

Target

fc7a4edf9d9984d4a53b4296f0d0160436144bc5631b8c5b445a86f3bfa9ff61
Size

309KB
Sample

210114-shvm4ynlxj
MD5

adf336da1b88a72ae2390bf687bd26ab
SHA1

ffe67aa469ab7b96d5699c06860eb5c082aecb7f
SHA256

fc7a4edf9d9984d4a53b4296f0d0160436144bc5631b8c5b445a86f3bfa9ff61
SHA512

1477ea1ad94756c4fd7957e607ab57b75837dfc78fe3afb7051edc02316a4ea803fde8c57a237bfeedf4c36727f5795174892032e2251caa4f36e4d33cc45202

Score

10^/10

qakbot tr02 1608203954 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

tr02

Campaign

1608203954

C2

78.101.130.59:995

217.128.117.218:2222

58.152.9.133:443

98.190.24.81:443

80.11.210.247:443

87.27.110.90:2222

79.114.236.11:443

78.181.19.134:443

197.45.110.165:995

86.122.248.164:2222

83.194.193.247:2222

2.7.69.217:2222

105.198.236.101:443

140.82.49.12:443

185.105.131.233:443

77.145.0.57:2222

5.193.106.230:2078

184.189.122.72:443

189.150.111.8:2222

117.215.192.177:443

Targets

- Target
  
  fc7a4edf9d9984d4a53b4296f0d0160436144bc5631b8c5b445a86f3bfa9ff61
- Size
  
  309KB
- MD5
  
  adf336da1b88a72ae2390bf687bd26ab
- SHA1
  
  ffe67aa469ab7b96d5699c06860eb5c082aecb7f
- SHA256
  
  fc7a4edf9d9984d4a53b4296f0d0160436144bc5631b8c5b445a86f3bfa9ff61
- SHA512
  
  1477ea1ad94756c4fd7957e607ab57b75837dfc78fe3afb7051edc02316a4ea803fde8c57a237bfeedf4c36727f5795174892032e2251caa4f36e4d33cc45202
Score

10^/10

qakbot tr02 1608203954 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbottr021608203954bankerstealertrojan

behavioral2

qakbottr021608203954bankerstealertrojan