qakbot | 7da5c112adc376fbfb189d6ce21b38a36001783b3fc0fd64ac2ac7cd10e14a88

General

Target

443005396033565.dat.dll
Size

630KB
Sample

210420-s57k6rhaza
MD5

049514766d156144841cc80e45b5dbf1
SHA1

8ab7d1e8e15e1abe55aabbe42760b58a0d1f12a7
SHA256

7da5c112adc376fbfb189d6ce21b38a36001783b3fc0fd64ac2ac7cd10e14a88
SHA512

9d69834dba3d623f9025cb5e32b8887f7461fa803f3881baeea5a5da8135537ad8acc0b12ef52826bbdb9f9f9fef176d8b1abe769d72c55e94057a5ef37bfebd

Score

10^/10

Malware Config

Extracted

Family

qakbot

Botnet

clinton07

Campaign

1618921328

C2

45.32.211.207:443

45.77.117.108:443

45.77.117.108:8443

149.28.98.196:2222

149.28.98.196:443

144.202.38.185:443

144.202.38.185:995

45.32.211.207:995

207.246.116.237:995

149.28.99.97:995

45.63.107.192:2222

149.28.101.90:995

45.77.115.208:2222

45.77.115.208:443

45.32.211.207:8443

45.32.211.207:2222

207.246.116.237:443

45.77.117.108:2222

149.28.98.196:995

149.28.101.90:8443

Targets

- Target
  
  443005396033565.dat.dll
- Size
  
  630KB
- MD5
  
  049514766d156144841cc80e45b5dbf1
- SHA1
  
  8ab7d1e8e15e1abe55aabbe42760b58a0d1f12a7
- SHA256
  
  7da5c112adc376fbfb189d6ce21b38a36001783b3fc0fd64ac2ac7cd10e14a88
- SHA512
  
  9d69834dba3d623f9025cb5e32b8887f7461fa803f3881baeea5a5da8135537ad8acc0b12ef52826bbdb9f9f9fef176d8b1abe769d72c55e94057a5ef37bfebd
Score

10^/10

qakbot clinton07 1618921328 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2