qakbot | ddb1550882c70cf5c50bef624d2871583b1f83989ec4ee8593568b1af7d1a202 | Triage

Sharing

General

Target

frid.gif.zip
Size

163KB
Sample

210301-ba5md2fcna
MD5

ecdb73a86ca64786a66673744ba2a0c1
SHA1

9699b3a3be0fe588bf6fa79362af7800b3309a44
SHA256

ddb1550882c70cf5c50bef624d2871583b1f83989ec4ee8593568b1af7d1a202
SHA512

27014e7983e4c0877e763795769599b4c67b417fe6695d8aa5f6d8bd1d04ae7dccd55a9de37ece7a49463975759743f0e9958f0cc9a4bb06ab88bfa402d65cbd

Score

10^/10

qakbot tr 1614598087 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

tr

Campaign

1614598087

C2

24.95.61.62:443

89.3.198.238:443

196.151.252.84:443

90.65.236.181:2222

2.232.253.79:995

217.133.54.140:32100

195.43.173.70:443

84.247.55.190:8443

136.232.34.70:443

45.63.107.192:443

45.77.115.208:443

149.28.98.196:995

45.32.211.207:8443

149.28.98.196:443

149.28.99.97:443

45.63.107.192:2222

207.246.77.75:443

207.246.77.75:8443

45.77.117.108:443

45.32.211.207:995

Targets

- Target
  
  frid.gif
- Size
  
  349KB
- MD5
  
  cd6461213b090d7c4eed79431d4a684f
- SHA1
  
  bda16ee8758cea58d83cf2b34efaf0fab6fc42a3
- SHA256
  
  e89ce5206b133790f9313989ebfbbd2eee1e4d9cee7c1dcfc1d0f895cda8662f
- SHA512
  
  81c8ee342401ea4b1eaa945f8557ecb95f81f91220dd8f110b510db2da7632aa3636a2fd72d3d1a70f213277070627ab8b0e624796b8ec0cc7aa2949fd31b7db
Score

10^/10

qakbot tr 1614598087 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbottr1614598087bankerstealertrojan

behavioral2

qakbottr1614598087bankerstealertrojan