qakbot | 5094e17105845238a6a2aaf54cd6769733032009a9ddd24e8af046837c1c12e6

General

Target

md.dll
Size

2.8MB
Sample

210215-qzqcaj7jhn
MD5

04416cf8bf1c7d31a606edff765529df
SHA1

bb6abc451db164e17a5dd030b355b309c219623d
SHA256

5094e17105845238a6a2aaf54cd6769733032009a9ddd24e8af046837c1c12e6
SHA512

348e86e7efa139f90fe71b751d476aa0ea6e83cc0cc37f9d18b4d9ebc0d37a47bafc4d911a603457bd6d36b7ed323520b11df06edb69605c961c721037628317

Score

10^/10

Malware Config

Extracted

Family

qakbot

Botnet

domain02

Campaign

1606721866

C2

106.51.52.111:443

2.88.53.159:995

89.33.87.107:443

185.105.131.233:443

175.137.119.141:443

197.161.154.132:443

39.32.125.15:995

217.133.54.140:32100

118.70.55.146:443

86.97.221.121:443

194.243.78.225:443

87.27.110.90:2222

196.151.252.84:443

5.15.30.56:443

85.121.42.12:443

90.23.117.67:2222

197.45.110.165:995

86.99.134.235:2222

59.96.165.120:443

174.76.21.134:443

Targets

- Target
  
  md.dll
- Size
  
  2.8MB
- MD5
  
  04416cf8bf1c7d31a606edff765529df
- SHA1
  
  bb6abc451db164e17a5dd030b355b309c219623d
- SHA256
  
  5094e17105845238a6a2aaf54cd6769733032009a9ddd24e8af046837c1c12e6
- SHA512
  
  348e86e7efa139f90fe71b751d476aa0ea6e83cc0cc37f9d18b4d9ebc0d37a47bafc4d911a603457bd6d36b7ed323520b11df06edb69605c961c721037628317
Score

10^/10

qakbot domain02 1606721866 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2