qakbot | 193fa0a25018014a6573204bff0f979df3f62b75b1187730b59d98a21ad36062 | Triage

Sharing

General

Target

file
Size

400KB
Sample

210428-jf6ke9rwaj
MD5

695393964eef7ffc6219cfd084fa3ae4
SHA1

bcb4a84b9260990fe9339fd2bf00cc0038d9f0d3
SHA256

193fa0a25018014a6573204bff0f979df3f62b75b1187730b59d98a21ad36062
SHA512

56135b8bba2f08297b463899d26d99c4792077f3b280643c7d9ebe19f06c390e36553dbe72ba4af3cb6b7b1b7da934c0be51045bea5e9da8ec6285ca9246a639

Score

10^/10

qakbot biden02 1614154620 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

401.138

Botnet

biden02

Campaign

1614154620

C2

98.173.34.213:995

160.3.187.114:443

73.25.124.140:2222

24.50.118.93:443

82.127.125.209:990

83.110.109.106:2222

79.129.121.81:995

189.223.234.23:995

125.63.101.62:443

113.22.175.141:443

172.78.30.215:443

47.146.169.85:443

47.22.148.6:443

76.25.142.196:443

78.63.226.32:443

105.198.236.101:443

75.67.192.125:443

176.181.247.197:443

105.96.8.96:443

108.31.15.10:995

Targets

- Target
  
  file
- Size
  
  400KB
- MD5
  
  695393964eef7ffc6219cfd084fa3ae4
- SHA1
  
  bcb4a84b9260990fe9339fd2bf00cc0038d9f0d3
- SHA256
  
  193fa0a25018014a6573204bff0f979df3f62b75b1187730b59d98a21ad36062
- SHA512
  
  56135b8bba2f08297b463899d26d99c4792077f3b280643c7d9ebe19f06c390e36553dbe72ba4af3cb6b7b1b7da934c0be51045bea5e9da8ec6285ca9246a639
Score

10^/10

qakbot biden02 1614154620 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotbiden021614154620bankerstealertrojan

behavioral2

qakbotbiden021614154620bankerstealertrojan