qakbot | 1ad572f997350edf6c8cdfaca8f2dd0d4378c38edcd0283ca5ae9aa6e54b8fae | Triage

Sharing

General

Target

1ad572f997350edf6c8cdfaca8f2dd0d4378c38edcd0283ca5ae9aa6e54b8fae
Size

400KB
Sample

210428-k723mczyta
MD5

92eeeea2b8f1c03e78e58ce46e88228e
SHA1

a892e03afdcfdb9cfe87897239e02925de1f4a35
SHA256

1ad572f997350edf6c8cdfaca8f2dd0d4378c38edcd0283ca5ae9aa6e54b8fae
SHA512

30535b5858958cfd69c769aeb468bc09a741610001dd859bb6b556c630b3d81b3ff86f044773bd80d773f2b92e860c909796e2aba7cdf8c8d29d4a8028eb879a

Score

10^/10

qakbot biden02 1614154620 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

401.138

Botnet

biden02

Campaign

1614154620

C2

98.173.34.213:995

160.3.187.114:443

73.25.124.140:2222

24.50.118.93:443

82.127.125.209:990

83.110.109.106:2222

79.129.121.81:995

189.223.234.23:995

125.63.101.62:443

113.22.175.141:443

172.78.30.215:443

47.146.169.85:443

47.22.148.6:443

76.25.142.196:443

78.63.226.32:443

105.198.236.101:443

75.67.192.125:443

176.181.247.197:443

105.96.8.96:443

108.31.15.10:995

Targets

- Target
  
  1ad572f997350edf6c8cdfaca8f2dd0d4378c38edcd0283ca5ae9aa6e54b8fae
- Size
  
  400KB
- MD5
  
  92eeeea2b8f1c03e78e58ce46e88228e
- SHA1
  
  a892e03afdcfdb9cfe87897239e02925de1f4a35
- SHA256
  
  1ad572f997350edf6c8cdfaca8f2dd0d4378c38edcd0283ca5ae9aa6e54b8fae
- SHA512
  
  30535b5858958cfd69c769aeb468bc09a741610001dd859bb6b556c630b3d81b3ff86f044773bd80d773f2b92e860c909796e2aba7cdf8c8d29d4a8028eb879a
Score

10^/10

qakbot biden02 1614154620 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotbiden021614154620bankerstealertrojan

behavioral2

qakbotbiden021614154620bankerstealertrojan