qakbot | 1f2a826362af62f3d58b5e0bbd162913d815c1ab2354fede229d355f796a76b3 | Triage

Sharing

General

Target

1f2a826362af62f3d58b5e0bbd162913d815c1ab2354fede229d355f796a76b3
Size

361KB
Sample

210224-h9vrrygktn
MD5

b1a85b59cda353b81879dfeeeca44d0f
SHA1

14657907e313de1f747964b5c1797ebb36969c3f
SHA256

1f2a826362af62f3d58b5e0bbd162913d815c1ab2354fede229d355f796a76b3
SHA512

89bb10121f61a05743d68dc1d5aec6c23e93c7fdb5ec150fac332fe74ce8e03e3607f454978e0446fd20bc9c2d52cf9a2760788a7a3a1e7fe07ae6a78698a4ea

Score

10^/10

qakbot abc124 1612362406 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

abc124

Campaign

1612362406

C2

86.236.77.68:2222

64.121.114.87:443

172.87.134.226:995

82.12.157.95:995

160.3.187.114:443

78.97.207.104:443

69.123.179.70:443

197.161.154.132:443

50.244.112.106:443

83.110.108.181:2222

105.198.236.99:443

74.77.162.33:443

196.151.252.84:443

140.82.49.12:443

45.118.216.157:443

80.11.173.82:8443

86.216.208.38:2222

72.240.200.181:2222

222.154.253.111:995

68.186.192.69:443

Targets

- Target
  
  1f2a826362af62f3d58b5e0bbd162913d815c1ab2354fede229d355f796a76b3
- Size
  
  361KB
- MD5
  
  b1a85b59cda353b81879dfeeeca44d0f
- SHA1
  
  14657907e313de1f747964b5c1797ebb36969c3f
- SHA256
  
  1f2a826362af62f3d58b5e0bbd162913d815c1ab2354fede229d355f796a76b3
- SHA512
  
  89bb10121f61a05743d68dc1d5aec6c23e93c7fdb5ec150fac332fe74ce8e03e3607f454978e0446fd20bc9c2d52cf9a2760788a7a3a1e7fe07ae6a78698a4ea
Score

10^/10

qakbot abc124 1612362406 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotabc1241612362406bankerstealertrojan

behavioral2

qakbotabc1241612362406bankerstealertrojan