qakbot | 24753d9f0d691b6d582da3e301b98f75abbdb5382bb871ee00713c5029c56d44 | Triage

Sharing

General

Target

mrch.gif
Size

424KB
Sample

210302-y9rqfzcq5x
MD5

97e6abcad2140619ff150d6253f62b8f
SHA1

0762a2db618f5dcc403139b671222aecb7c4aaf1
SHA256

24753d9f0d691b6d582da3e301b98f75abbdb5382bb871ee00713c5029c56d44
SHA512

54d55de10d22086a0d77cad5b833ceee0b1bcd62062e56c0af5deaa64b0bbc84f45ac47905b833967b611a3e41eeb7f5ccc437619648cf69f8f1f04d50faaf08

Score

10^/10

qakbot tr 1614598087 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

tr

Campaign

1614598087

C2

24.95.61.62:443

89.3.198.238:443

196.151.252.84:443

90.65.236.181:2222

2.232.253.79:995

217.133.54.140:32100

195.43.173.70:443

84.247.55.190:8443

136.232.34.70:443

45.63.107.192:443

45.77.115.208:443

149.28.98.196:995

45.32.211.207:8443

149.28.98.196:443

149.28.99.97:443

45.63.107.192:2222

207.246.77.75:443

207.246.77.75:8443

45.77.117.108:443

45.32.211.207:995

Targets

- Target
  
  mrch.gif
- Size
  
  424KB
- MD5
  
  97e6abcad2140619ff150d6253f62b8f
- SHA1
  
  0762a2db618f5dcc403139b671222aecb7c4aaf1
- SHA256
  
  24753d9f0d691b6d582da3e301b98f75abbdb5382bb871ee00713c5029c56d44
- SHA512
  
  54d55de10d22086a0d77cad5b833ceee0b1bcd62062e56c0af5deaa64b0bbc84f45ac47905b833967b611a3e41eeb7f5ccc437619648cf69f8f1f04d50faaf08
Score

10^/10

qakbot tr 1614598087 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbottr1614598087bankerstealertrojan

behavioral2

qakbottr1614598087bankerstealertrojan