qakbot | 6cf53416d2eb8d1ae622a299a239046f6bfae9be7d56083e8feb602863fed6fb | Triage

Sharing

General

Target

6cf53416d2eb8d1ae622a299a239046f6bfae9be7d56083e8feb602863fed6fb
Size

298KB
Sample

210224-jybtcchmns
MD5

a2bd90db4e6cfe9d6ab7c435edab35c1
SHA1

4c7a6a01b93df2bc1e61fffcedef08e5c10c3bfe
SHA256

6cf53416d2eb8d1ae622a299a239046f6bfae9be7d56083e8feb602863fed6fb
SHA512

bf85e491b56de6cd2990d79df02ed0afe81f4d740c5ae88d555701a3ed7a51e9b49d8b1893b68d7c7c8231387a8ba0ec87d9462c72999bf5716c577bfbac6723

Score

10^/10

qakbot abc123 1612349986 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

abc123

Campaign

1612349986

C2

222.154.253.111:995

50.244.112.106:443

83.110.108.181:2222

105.198.236.99:443

74.77.162.33:443

106.250.150.98:443

196.151.252.84:443

45.118.216.157:443

140.82.49.12:443

80.11.173.82:8443

71.88.193.17:443

68.186.192.69:443

46.153.119.255:995

81.214.126.173:2222

108.31.15.10:995

197.45.110.165:995

81.88.254.62:443

86.97.8.249:443

202.187.58.21:443

41.39.134.183:443

Targets

- Target
  
  6cf53416d2eb8d1ae622a299a239046f6bfae9be7d56083e8feb602863fed6fb
- Size
  
  298KB
- MD5
  
  a2bd90db4e6cfe9d6ab7c435edab35c1
- SHA1
  
  4c7a6a01b93df2bc1e61fffcedef08e5c10c3bfe
- SHA256
  
  6cf53416d2eb8d1ae622a299a239046f6bfae9be7d56083e8feb602863fed6fb
- SHA512
  
  bf85e491b56de6cd2990d79df02ed0afe81f4d740c5ae88d555701a3ed7a51e9b49d8b1893b68d7c7c8231387a8ba0ec87d9462c72999bf5716c577bfbac6723
Score

10^/10

qakbot abc123 1612349986 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotabc1231612349986bankerstealertrojan

behavioral2

qakbotabc1231612349986bankerstealertrojan