qakbot | fec51f04710e3aae47dd23b084d8a364fa07c25dda5b229aeb3e6a98c56fa869 | Triage

Sharing

General

Target

fec51f04710e3aae47dd23b084d8a364fa07c25dda5b229aeb3e6a98c56fa869.dll
Size

4.3MB
Sample

210507-84ehxlzy8a
MD5

5ed9fb5fc74c6fdb3537629e9b23437a
SHA1

67424175620be87fd3b2810ba5eba0d9e0bee49f
SHA256

fec51f04710e3aae47dd23b084d8a364fa07c25dda5b229aeb3e6a98c56fa869
SHA512

5361a9e0698380c0dbd510e906ac63fb11e69a3ec0e6548304db288a1b20c3016b1223587f573dfb2468e005e71af0b3b942265b38f8b0454163792b3766fd2f

Score

10^/10

qakbot domain01 1597161528 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.43

Botnet

domain01

Campaign

1597161528

C2

96.227.127.13:443

197.37.252.37:993

95.221.48.169:2222

72.190.101.70:443

47.39.76.74:443

207.255.18.67:443

108.46.145.30:443

142.117.109.129:2222

176.205.255.97:443

2.89.74.34:995

98.219.77.197:443

75.110.250.89:995

47.28.131.209:443

47.18.252.135:2222

66.30.92.147:443

188.51.3.210:995

83.110.92.29:443

68.225.56.31:443

189.183.72.138:995

98.121.187.78:443

Targets

- Target
  
  fec51f04710e3aae47dd23b084d8a364fa07c25dda5b229aeb3e6a98c56fa869.dll
- Size
  
  4.3MB
- MD5
  
  5ed9fb5fc74c6fdb3537629e9b23437a
- SHA1
  
  67424175620be87fd3b2810ba5eba0d9e0bee49f
- SHA256
  
  fec51f04710e3aae47dd23b084d8a364fa07c25dda5b229aeb3e6a98c56fa869
- SHA512
  
  5361a9e0698380c0dbd510e906ac63fb11e69a3ec0e6548304db288a1b20c3016b1223587f573dfb2468e005e71af0b3b942265b38f8b0454163792b3766fd2f
Score

10^/10

qakbot domain01 1597161528 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotdomain011597161528bankerstealertrojan

behavioral2

qakbotdomain011597161528bankerstealertrojan