qakbot | bfa15946d599ea25d58d2e8ec749a1a31c7ae9f785f99e78efdcd7069d42429e

General

Target

de38eb7fd5b7fa9eb360d0f837eee204
Size

594KB
Sample

210421-ey4he2z93a
MD5

de38eb7fd5b7fa9eb360d0f837eee204
SHA1

2b33ea04c23752f5fe92e21766ecb69715062080
SHA256

bfa15946d599ea25d58d2e8ec749a1a31c7ae9f785f99e78efdcd7069d42429e
SHA512

1c65257e5bd0edd330ec4a2e36e02038967ee323a53803ec06939e7a2437a96ac2cc1da2ddb9434b0a1e52377e4d62789a420101d0536d21728c6c2f48c4ff79

Score

10^/10

Malware Config

Extracted

Family

qakbot

Botnet

biden31

Campaign

1618914389

C2

75.67.192.125:443

78.63.226.32:443

95.77.223.148:443

83.110.109.164:2222

140.82.49.12:443

71.41.184.10:3389

73.25.124.140:2222

105.198.236.101:443

45.32.211.207:995

207.246.116.237:995

45.77.117.108:8443

45.63.107.192:2222

149.28.101.90:995

45.77.115.208:2222

45.77.115.208:443

45.32.211.207:8443

45.32.211.207:2222

207.246.116.237:443

45.77.117.108:2222

149.28.98.196:995

Targets

- Target
  
  de38eb7fd5b7fa9eb360d0f837eee204
- Size
  
  594KB
- MD5
  
  de38eb7fd5b7fa9eb360d0f837eee204
- SHA1
  
  2b33ea04c23752f5fe92e21766ecb69715062080
- SHA256
  
  bfa15946d599ea25d58d2e8ec749a1a31c7ae9f785f99e78efdcd7069d42429e
- SHA512
  
  1c65257e5bd0edd330ec4a2e36e02038967ee323a53803ec06939e7a2437a96ac2cc1da2ddb9434b0a1e52377e4d62789a420101d0536d21728c6c2f48c4ff79
Score

10^/10

qakbot biden31 1618914389 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2