qakbot | a4da89c7bbcd7bee6d6e67772a906f43bb52f3f6e7ad5fb6c261cb2a1b36bb18

General

Target

7062d041_by_Libranalysis
Size

230KB
Sample

210507-dff258cema
MD5

7062d041a4463cfe66845d6e2eb74cbc
SHA1

4ef3b9a87bf86dc7378f30fed212693d4f538a40
SHA256

a4da89c7bbcd7bee6d6e67772a906f43bb52f3f6e7ad5fb6c261cb2a1b36bb18
SHA512

5321a89ebd773b61ef4b6bebf6bf46c3eb1f49b182a278464d2c5e480b5c9a5cfae15902f2af7eb2c9eff9ba0d324d3d7ca23f3820a2e5321e608f474dbb3fb6

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.68

Botnet

clinton13

Campaign

1620299491

C2

71.187.170.235:443

190.85.91.154:443

47.22.148.6:443

95.77.223.148:443

75.67.192.125:443

83.110.108.100:2222

81.97.154.100:443

97.69.160.4:2222

24.179.77.148:443

45.63.107.192:995

24.152.219.253:995

67.8.103.21:443

71.41.184.10:3389

184.185.103.157:443

73.25.124.140:2222

140.82.49.12:443

197.45.110.165:995

149.28.101.90:443

45.77.115.208:995

207.246.116.237:8443

Targets

- Target
  
  7062d041_by_Libranalysis
- Size
  
  230KB
- MD5
  
  7062d041a4463cfe66845d6e2eb74cbc
- SHA1
  
  4ef3b9a87bf86dc7378f30fed212693d4f538a40
- SHA256
  
  a4da89c7bbcd7bee6d6e67772a906f43bb52f3f6e7ad5fb6c261cb2a1b36bb18
- SHA512
  
  5321a89ebd773b61ef4b6bebf6bf46c3eb1f49b182a278464d2c5e480b5c9a5cfae15902f2af7eb2c9eff9ba0d324d3d7ca23f3820a2e5321e608f474dbb3fb6
Score

10^/10

qakbot clinton13 1620299491 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2