qakbot | f141cfd57b0d531bfd27b555d36129f2cf832c9d701bd3a89d071ea55e5436a6 | Triage

Sharing

General

Target

f141cfd57b0d531bfd27b555d36129f2cf832c9d701bd3a89d071ea55e5436a6
Size

1.2MB
Sample

210413-bqtgddtdx6
MD5

4e40f2faf01c55032a841374901888aa
SHA1

dafd30a8aabb364777793770955dd3f48127f107
SHA256

f141cfd57b0d531bfd27b555d36129f2cf832c9d701bd3a89d071ea55e5436a6
SHA512

7b54fafa76fc3a7b3fac367d7414a440a87abaa37c97da8800d18d3b6a17aa71fd4d667014d7c31b9b70e1d13a8cead03335ca915e30cc8123fb6eee6b7d1157

Score

10^/10

qakbot abc007 1600776783 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

abc007

Campaign

1600776783

C2

72.204.242.138:20

207.255.161.8:443

5.12.0.239:443

207.255.161.8:2087

207.255.161.8:32103

117.218.208.239:443

72.204.242.138:53

141.156.232.157:443

47.146.169.85:443

74.75.216.202:443

173.22.125.129:2222

72.190.101.70:443

80.195.103.146:2222

84.78.128.76:2222

72.209.191.27:443

189.150.106.230:22

71.221.92.98:443

108.49.221.180:443

68.82.125.234:443

24.234.86.201:995

Targets

- Target
  
  f141cfd57b0d531bfd27b555d36129f2cf832c9d701bd3a89d071ea55e5436a6
- Size
  
  1.2MB
- MD5
  
  4e40f2faf01c55032a841374901888aa
- SHA1
  
  dafd30a8aabb364777793770955dd3f48127f107
- SHA256
  
  f141cfd57b0d531bfd27b555d36129f2cf832c9d701bd3a89d071ea55e5436a6
- SHA512
  
  7b54fafa76fc3a7b3fac367d7414a440a87abaa37c97da8800d18d3b6a17aa71fd4d667014d7c31b9b70e1d13a8cead03335ca915e30cc8123fb6eee6b7d1157
Score

10^/10

qakbot abc007 1600776783 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotabc0071600776783bankerstealertrojan

behavioral2

qakbotabc0071600776783bankerstealertrojan