qakbot | 1597cf6c9fadf5190b80f34a06fb049c43a899f9c081b908b532083cdb236961 | Triage

Sharing

General

Target

rundll32_041E0000.dll
Size

200KB
Sample

210502-s4k1t39t82
MD5

f27773e57e5cabd4d4dc0c7f068cb9ca
SHA1

61eda8b76e9e87b8e4d43ff543b2f3de241361f1
SHA256

1597cf6c9fadf5190b80f34a06fb049c43a899f9c081b908b532083cdb236961
SHA512

ebef47413fd61ec4eeda2dc7c96f6d914a44f925cb9d9e476dba1956af20e2145fb2ec5d5b35ae11aa11b0241841e4e0b2a04356536e71a2aa32946bee0ddde2

Score

10^/10

qakbot tr 1614598087 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

401.138

Botnet

tr

Campaign

1614598087

C2

24.95.61.62:443

89.3.198.238:443

196.151.252.84:443

90.65.236.181:2222

2.232.253.79:995

217.133.54.140:32100

195.43.173.70:443

84.247.55.190:8443

136.232.34.70:443

45.63.107.192:443

45.77.115.208:443

149.28.98.196:995

45.32.211.207:8443

149.28.98.196:443

149.28.99.97:443

45.63.107.192:2222

207.246.77.75:443

207.246.77.75:8443

45.77.117.108:443

45.32.211.207:995

Targets

- Target
  
  rundll32_041E0000.dll
- Size
  
  200KB
- MD5
  
  f27773e57e5cabd4d4dc0c7f068cb9ca
- SHA1
  
  61eda8b76e9e87b8e4d43ff543b2f3de241361f1
- SHA256
  
  1597cf6c9fadf5190b80f34a06fb049c43a899f9c081b908b532083cdb236961
- SHA512
  
  ebef47413fd61ec4eeda2dc7c96f6d914a44f925cb9d9e476dba1956af20e2145fb2ec5d5b35ae11aa11b0241841e4e0b2a04356536e71a2aa32946bee0ddde2
Score

10^/10

qakbot tr 1614598087 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

tr1614598087qakbot

behavioral1

qakbottr1614598087bankerstealertrojan

behavioral2

qakbottr1614598087bankerstealertrojan