qakbot | e293b8b6447d06f56c536731bcc16a6b56287120e65e39c98365131bdd7cd114 | Triage

Sharing

General

Target

e293b8b6447d06f56c536731bcc16a6b56287120e65e39c98365131bdd7cd114
Size

1.8MB
Sample

210511-sk3lddes2x
MD5

e4d80a86493d6d243d07a1df9488caaa
SHA1

39c3440fddac3e85767228c6ddeffabf221cb9bd
SHA256

e293b8b6447d06f56c536731bcc16a6b56287120e65e39c98365131bdd7cd114
SHA512

948ecf00e5c39f7f5fc99e819169bb524b6796f8de05029d5f03a34676c1ae465c6976f75c1629e8db25f9472b5b4f42aa356dae7e34bb9e377881ab15f4f23f

Score

10^/10

qakbot spx111 1588597375 banker cryptone packer stealer trojan

Malware Config

Extracted

Family

qakbot

Version

324.136

Botnet

spx111

Campaign

1588597375

C2

98.22.234.245:443

188.173.70.18:443

189.159.19.223:995

73.60.148.209:443

74.105.139.160:443

50.244.112.106:443

47.232.26.181:443

50.104.186.71:443

173.172.205.216:443

208.126.142.17:443

71.197.31.92:0

72.240.65.85:443

24.183.39.93:443

73.137.187.150:443

74.135.85.117:443

172.87.134.226:443

201.146.188.44:443

76.170.77.99:443

67.170.137.8:443

24.55.152.50:995

Targets

- Target
  
  e293b8b6447d06f56c536731bcc16a6b56287120e65e39c98365131bdd7cd114
- Size
  
  1.8MB
- MD5
  
  e4d80a86493d6d243d07a1df9488caaa
- SHA1
  
  39c3440fddac3e85767228c6ddeffabf221cb9bd
- SHA256
  
  e293b8b6447d06f56c536731bcc16a6b56287120e65e39c98365131bdd7cd114
- SHA512
  
  948ecf00e5c39f7f5fc99e819169bb524b6796f8de05029d5f03a34676c1ae465c6976f75c1629e8db25f9472b5b4f42aa356dae7e34bb9e377881ab15f4f23f
Score

10^/10

qakbot spx111 1588597375 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotspx1111588597375bankerstealertrojan

behavioral2

qakbotspx1111588597375bankerstealertrojan