qakbot | 4d0bcd02aa9858d6cfafff3ad1686e2a49e785da11233803879e88e3408849e7

General

Target

final.bin
Size

217KB
Sample

210416-nkvcy7hxaj
MD5

862828ee08c665ff1e9985ff59387645
SHA1

e8e701ca05d8dd7951bdc152088cdca5f6ef6892
SHA256

4d0bcd02aa9858d6cfafff3ad1686e2a49e785da11233803879e88e3408849e7
SHA512

2aea3f55c1ffaa6de87516afbe41efc515b190417ff76947551263fb92e0dc2e78d1e59a4ddfa65c095ff0c168e2d19b44f804c6713c69cdff79ba50056bfc23

Score

10^/10

qakbot tr 1618398298 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

tr

Campaign

1618398298

C2

47.196.192.184:443

216.201.162.158:443

136.232.34.70:443

71.41.184.10:3389

140.82.49.12:443

45.63.107.192:2222

45.63.107.192:443

149.28.98.196:443

45.32.211.207:443

144.202.38.185:443

45.77.115.208:2222

45.77.115.208:8443

207.246.116.237:995

45.77.117.108:443

149.28.99.97:443

149.28.99.97:995

149.28.98.196:995

45.32.211.207:995

45.32.211.207:2222

149.28.98.196:2222

Targets

- Target
  
  final.bin
- Size
  
  217KB
- MD5
  
  862828ee08c665ff1e9985ff59387645
- SHA1
  
  e8e701ca05d8dd7951bdc152088cdca5f6ef6892
- SHA256
  
  4d0bcd02aa9858d6cfafff3ad1686e2a49e785da11233803879e88e3408849e7
- SHA512
  
  2aea3f55c1ffaa6de87516afbe41efc515b190417ff76947551263fb92e0dc2e78d1e59a4ddfa65c095ff0c168e2d19b44f804c6713c69cdff79ba50056bfc23
Score

10^/10

qakbot tr 1618398298 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2