qakbot | d2f682e15f88bcd74f1e14d51216c34f089e75d821359f0b0f9893a755eaf6b7

General

Target

q.dat
Size

692KB
Sample

210423-69k4rf8m4n
MD5

d5b57d291b9e7eb0463c444fb1fee68b
SHA1

95d8c6b3766487a9c38223b7e4d0499850b3aeca
SHA256

d2f682e15f88bcd74f1e14d51216c34f089e75d821359f0b0f9893a755eaf6b7
SHA512

a56e7fe2bee2f8383f8872e045d0e22f83f01c9edfdc8afd03c1a9f4e8fa1b32050dd6af60efab8fea43bedb8cf3b2da9b5cfd3a04d32771564f60ee7186cbec

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.12

Botnet

clinton09

Campaign

1619121510

C2

197.45.110.165:995

105.198.236.101:443

190.85.91.154:443

71.163.222.243:443

45.63.107.192:995

149.28.99.97:2222

109.12.111.14:443

75.67.192.125:443

24.139.72.117:443

75.118.1.141:443

105.198.236.99:443

173.21.10.71:2222

136.232.34.70:443

140.82.49.12:443

98.192.185.86:443

71.41.184.10:3389

73.25.124.140:2222

83.196.56.65:2222

24.152.219.253:995

189.210.115.207:443

Targets

- Target
  
  q.dat
- Size
  
  692KB
- MD5
  
  d5b57d291b9e7eb0463c444fb1fee68b
- SHA1
  
  95d8c6b3766487a9c38223b7e4d0499850b3aeca
- SHA256
  
  d2f682e15f88bcd74f1e14d51216c34f089e75d821359f0b0f9893a755eaf6b7
- SHA512
  
  a56e7fe2bee2f8383f8872e045d0e22f83f01c9edfdc8afd03c1a9f4e8fa1b32050dd6af60efab8fea43bedb8cf3b2da9b5cfd3a04d32771564f60ee7186cbec
Score

10^/10

qakbot clinton09 1619121510 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2