qakbot | 8df5a7c1ddcdc1b435bb98e6a2e27f869316099e0185e2e320ba2c6ca49cc041 | Triage

Sharing

General

Target

1702.gif.zip
Size

190KB
Sample

210217-cjbl9g6dj6
MD5

0d59272e6dc3c6a4a086f272717e3e24
SHA1

82bdd4d76a053d7c95ddb5967449364f42364e4c
SHA256

8df5a7c1ddcdc1b435bb98e6a2e27f869316099e0185e2e320ba2c6ca49cc041
SHA512

1588e4724121b7fd7fa6328526295abd5c8ced06fc6954d5b012b4e624067a9e0fdb99280c76d15cd0927978bd1703d114159433ef7ca2eca1d4c6591cc66aa8

Score

10^/10

qakbot tr 1613385567 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

tr

Campaign

1613385567

C2

78.63.226.32:443

197.51.82.72:443

193.248.221.184:2222

95.77.223.148:443

71.199.192.62:443

77.211.30.202:995

80.227.5.69:443

77.27.204.204:995

81.97.154.100:443

173.184.119.153:995

38.92.225.121:443

81.150.181.168:2222

90.65.236.181:2222

83.110.103.152:443

73.153.211.227:443

188.25.63.105:443

89.137.211.239:995

202.188.138.162:443

98.173.34.212:995

87.202.87.210:2222

Targets

- Target
  
  1702.gif
- Size
  
  319KB
- MD5
  
  c932cf352c7f9a7748dc28b3b1a8ac1c
- SHA1
  
  d79ac5e409fc6ed8243c6824a7b5e8daef6320b6
- SHA256
  
  743677c0b3adcaad1c801e7b9ab5b116ca6aac844976a18520151a2310b7f4d8
- SHA512
  
  666446768759973fa4e09888e9980c6d91d4eb0ed34a5c94d05d25aba337e1624b43ae525203cd4e0f69d2c36fb7c2f0a8006ef8935a716c04537afc73c1cf65
Score

10^/10

qakbot tr 1613385567 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

qakbottr1613385567bankerstealertrojan