qakbot | 997fc0678899eedb511541ba9dfcf1a4823f5730d72a576cc12320ee49e3ec65

General

Target

md.dll
Size

949KB
Sample

210220-7fttn13kge
MD5

a9d59daeb3b08134eb4f40be73085ea7
SHA1

2bd25320f23a64f0cadb4225cb8a7970a9db6701
SHA256

997fc0678899eedb511541ba9dfcf1a4823f5730d72a576cc12320ee49e3ec65
SHA512

0aba19aace4a4529965ca71847c986792bd1b68425e9ded63286510452f15f724bfa04681b7d8c2ea7925e1b19546b27b4ea0dbefd724dfab9d2d0a3258578c9

Score

10^/10

Malware Config

Extracted

Family

qakbot

Botnet

domain02

Campaign

1613028094

C2

32.210.98.6:443

70.49.88.199:2222

151.205.102.42:443

178.152.79.153:995

216.195.46.163:2222

72.252.201.69:443

90.65.236.181:2222

98.173.34.212:995

97.69.160.4:2222

69.245.102.225:443

144.139.166.18:443

73.25.124.140:2222

189.223.205.126:443

157.131.108.180:443

71.197.126.250:443

73.228.197.5:443

151.213.189.62:443

24.229.150.54:995

84.72.35.226:443

199.19.117.131:443

Targets

- Target
  
  md.dll
- Size
  
  949KB
- MD5
  
  a9d59daeb3b08134eb4f40be73085ea7
- SHA1
  
  2bd25320f23a64f0cadb4225cb8a7970a9db6701
- SHA256
  
  997fc0678899eedb511541ba9dfcf1a4823f5730d72a576cc12320ee49e3ec65
- SHA512
  
  0aba19aace4a4529965ca71847c986792bd1b68425e9ded63286510452f15f724bfa04681b7d8c2ea7925e1b19546b27b4ea0dbefd724dfab9d2d0a3258578c9
Score

10^/10

qakbot domain02 1613028094 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2