qakbot | 9c03fd876f1e5625e3dff0434d1185d624ab1203fa081c40ca2ebdb04aac27b5 | Triage

Sharing

General

Target

9c03fd876f1e5625e3dff0434d1185d624ab1203fa081c40ca2ebdb04aac27b5
Size

617KB
Sample

210224-yr3bmfmhb2
MD5

5e3749f332a005fadc0667375f8c6d19
SHA1

9271eb55dfe65239f20c6d6ac0f313a5f4fd54ff
SHA256

9c03fd876f1e5625e3dff0434d1185d624ab1203fa081c40ca2ebdb04aac27b5
SHA512

ffcd6a8ce211ffa5175e066657490649d585ca8ec7b0606d92a34041740ef3d48b262cda9f960e41e4ccd3b32a48d3fbbdd519c68365c9b6fc5e778e8c1c04ef

Score

10^/10

qakbot tr 1612175155 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

tr

Campaign

1612175155

C2

89.3.198.238:443

172.78.30.215:443

85.52.72.32:2222

76.110.113.71:995

106.51.52.111:443

75.67.192.125:443

172.115.177.204:2222

197.45.110.165:995

82.76.47.211:443

45.77.115.208:443

45.32.211.207:443

144.202.38.185:443

207.246.116.237:995

149.28.101.90:995

149.28.101.90:8443

207.246.116.237:8443

144.202.38.185:2222

45.32.211.207:8443

149.28.101.90:443

149.28.101.90:2222

Targets

- Target
  
  9c03fd876f1e5625e3dff0434d1185d624ab1203fa081c40ca2ebdb04aac27b5
- Size
  
  617KB
- MD5
  
  5e3749f332a005fadc0667375f8c6d19
- SHA1
  
  9271eb55dfe65239f20c6d6ac0f313a5f4fd54ff
- SHA256
  
  9c03fd876f1e5625e3dff0434d1185d624ab1203fa081c40ca2ebdb04aac27b5
- SHA512
  
  ffcd6a8ce211ffa5175e066657490649d585ca8ec7b0606d92a34041740ef3d48b262cda9f960e41e4ccd3b32a48d3fbbdd519c68365c9b6fc5e778e8c1c04ef
Score

10^/10

qakbot tr 1612175155 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbottr1612175155bankerstealertrojan

behavioral2

qakbottr1612175155bankerstealertrojan