qakbot | e89ce5206b133790f9313989ebfbbd2eee1e4d9cee7c1dcfc1d0f895cda8662f | Triage

Sharing

General

Target

IEUDLK.CJF
Size

349KB
Sample

210301-mqlr5h11wa
MD5

cd6461213b090d7c4eed79431d4a684f
SHA1

bda16ee8758cea58d83cf2b34efaf0fab6fc42a3
SHA256

e89ce5206b133790f9313989ebfbbd2eee1e4d9cee7c1dcfc1d0f895cda8662f
SHA512

81c8ee342401ea4b1eaa945f8557ecb95f81f91220dd8f110b510db2da7632aa3636a2fd72d3d1a70f213277070627ab8b0e624796b8ec0cc7aa2949fd31b7db

Score

10^/10

qakbot tr 1614598087 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

tr

Campaign

1614598087

C2

24.95.61.62:443

89.3.198.238:443

196.151.252.84:443

90.65.236.181:2222

2.232.253.79:995

217.133.54.140:32100

195.43.173.70:443

84.247.55.190:8443

136.232.34.70:443

45.63.107.192:443

45.77.115.208:443

149.28.98.196:995

45.32.211.207:8443

149.28.98.196:443

149.28.99.97:443

45.63.107.192:2222

207.246.77.75:443

207.246.77.75:8443

45.77.117.108:443

45.32.211.207:995

Targets

- Target
  
  IEUDLK.CJF
- Size
  
  349KB
- MD5
  
  cd6461213b090d7c4eed79431d4a684f
- SHA1
  
  bda16ee8758cea58d83cf2b34efaf0fab6fc42a3
- SHA256
  
  e89ce5206b133790f9313989ebfbbd2eee1e4d9cee7c1dcfc1d0f895cda8662f
- SHA512
  
  81c8ee342401ea4b1eaa945f8557ecb95f81f91220dd8f110b510db2da7632aa3636a2fd72d3d1a70f213277070627ab8b0e624796b8ec0cc7aa2949fd31b7db
Score

10^/10

qakbot tr 1614598087 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbottr1614598087bankerstealertrojan

behavioral2

qakbottr1614598087bankerstealertrojan