qakbot | f4c5d5ad8e726a525feb7ded5a015312260771cd5a932d99860c9eb19721a7a1

General

Target

ma.dll
Size

805KB
Sample

210212-v4yvqvza1s
MD5

1bb03c456a3e113d7085ea70d37e7a72
SHA1

9381007c30ac38ca502b1dd873165ff57e466e6f
SHA256

f4c5d5ad8e726a525feb7ded5a015312260771cd5a932d99860c9eb19721a7a1
SHA512

f4d78b3ee1f64c78a67d0f779743eca77e553fac0e98ffe77ce38d149600e386b6f577438a3b68aff9702e613092c68ed24607a53fef7ac997291c463d9f3cb6

Score

10^/10

Malware Config

Extracted

Family

qakbot

Botnet

domain02

Campaign

1611939347

C2

81.88.254.62:443

105.198.236.99:443

105.186.102.16:443

216.201.162.158:443

181.48.190.78:443

71.187.170.235:443

24.229.150.54:995

68.225.60.77:995

75.68.51.184:443

96.37.113.36:993

75.118.1.141:443

193.248.221.184:2222

81.97.154.100:443

75.136.40.155:443

79.129.121.81:995

189.131.227.128:443

160.3.187.114:443

189.237.26.15:443

189.222.111.204:443

106.250.150.98:443

Targets

- Target
  
  ma.dll
- Size
  
  805KB
- MD5
  
  1bb03c456a3e113d7085ea70d37e7a72
- SHA1
  
  9381007c30ac38ca502b1dd873165ff57e466e6f
- SHA256
  
  f4c5d5ad8e726a525feb7ded5a015312260771cd5a932d99860c9eb19721a7a1
- SHA512
  
  f4d78b3ee1f64c78a67d0f779743eca77e553fac0e98ffe77ce38d149600e386b6f577438a3b68aff9702e613092c68ed24607a53fef7ac997291c463d9f3cb6
Score

10^/10

qakbot domain02 1611939347 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2