qakbot | 743677c0b3adcaad1c801e7b9ab5b116ca6aac844976a18520151a2310b7f4d8 | Triage

Sharing

General

Target

1702.gif
Size

319KB
Sample

210217-ry83yspvrs
MD5

c932cf352c7f9a7748dc28b3b1a8ac1c
SHA1

d79ac5e409fc6ed8243c6824a7b5e8daef6320b6
SHA256

743677c0b3adcaad1c801e7b9ab5b116ca6aac844976a18520151a2310b7f4d8
SHA512

666446768759973fa4e09888e9980c6d91d4eb0ed34a5c94d05d25aba337e1624b43ae525203cd4e0f69d2c36fb7c2f0a8006ef8935a716c04537afc73c1cf65

Score

10^/10

qakbot tr 1613385567 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

tr

Campaign

1613385567

C2

78.63.226.32:443

197.51.82.72:443

193.248.221.184:2222

95.77.223.148:443

71.199.192.62:443

77.211.30.202:995

80.227.5.69:443

77.27.204.204:995

81.97.154.100:443

173.184.119.153:995

38.92.225.121:443

81.150.181.168:2222

90.65.236.181:2222

83.110.103.152:443

73.153.211.227:443

188.25.63.105:443

89.137.211.239:995

202.188.138.162:443

98.173.34.212:995

87.202.87.210:2222

Targets

- Target
  
  1702.gif
- Size
  
  319KB
- MD5
  
  c932cf352c7f9a7748dc28b3b1a8ac1c
- SHA1
  
  d79ac5e409fc6ed8243c6824a7b5e8daef6320b6
- SHA256
  
  743677c0b3adcaad1c801e7b9ab5b116ca6aac844976a18520151a2310b7f4d8
- SHA512
  
  666446768759973fa4e09888e9980c6d91d4eb0ed34a5c94d05d25aba337e1624b43ae525203cd4e0f69d2c36fb7c2f0a8006ef8935a716c04537afc73c1cf65
Score

10^/10

qakbot tr 1613385567 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbottr1613385567bankerstealertrojan

behavioral2

qakbottr1613385567bankerstealertrojan