qakbot | 6ee9fb65872221a44784d3ff7ebfca34059b1d5ea6fe58b8f9458d905c8bdf0d | Triage

Sharing

General

Target

6ee9fb65872221a44784d3ff7ebfca34059b1d5ea6fe58b8f9458d905c8bdf0d
Size

2.0MB
Sample

210511-hmv9mmz81n
MD5

8880c378ed0a50f50ecff67c4735a9fc
SHA1

2802edbe2622e793d599827d74ece257144c8a7a
SHA256

6ee9fb65872221a44784d3ff7ebfca34059b1d5ea6fe58b8f9458d905c8bdf0d
SHA512

4601695ddea03a882de6ec8361c16bc1be7d5ac00cb1af6bf8e473add0dc916456b6bae3ca5d960ecb65ff78259a9726764d8ad8cde84ea35690b4faa1d646ce

Score

10^/10

qakbot spx112 1588678797 banker cryptone packer stealer trojan

Malware Config

Extracted

Family

qakbot

Version

324.136

Botnet

spx112

Campaign

1588678797

C2

81.133.234.36:2222

31.5.21.66:443

41.233.43.51:995

96.37.113.36:443

86.233.4.153:2222

98.118.156.172:443

89.34.214.130:443

79.116.237.126:443

72.16.212.107:465

72.36.59.46:2222

5.74.188.119:995

67.209.195.198:3389

98.32.60.217:443

24.46.40.189:2222

77.159.149.74:443

174.30.24.61:443

98.115.138.61:443

189.159.82.203:995

108.21.54.174:443

81.103.144.77:443

Targets

- Target
  
  6ee9fb65872221a44784d3ff7ebfca34059b1d5ea6fe58b8f9458d905c8bdf0d
- Size
  
  2.0MB
- MD5
  
  8880c378ed0a50f50ecff67c4735a9fc
- SHA1
  
  2802edbe2622e793d599827d74ece257144c8a7a
- SHA256
  
  6ee9fb65872221a44784d3ff7ebfca34059b1d5ea6fe58b8f9458d905c8bdf0d
- SHA512
  
  4601695ddea03a882de6ec8361c16bc1be7d5ac00cb1af6bf8e473add0dc916456b6bae3ca5d960ecb65ff78259a9726764d8ad8cde84ea35690b4faa1d646ce
Score

10^/10

qakbot spx112 1588678797 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qakbotspx1121588678797bankerstealertrojan

behavioral2

qakbotspx1121588678797bankerstealertrojan