qakbot | 49b7cc4c2a392f1c6cdb3ef0e3bd887df5669a94e8ebeebf4a176e268dfda566 | Triage

Sharing

General

Target

49b7cc4c2a392f1c6cdb3ef0e3bd887df5669a94e8ebeebf4a176e268dfda566
Size

2.0MB
Sample

210511-vhf6wtyd4s
MD5

964a2caa2ac93f3bf8f6f9cb3613b6ac
SHA1

88a9cab33371b257ad08a14d266378bd3ceab33b
SHA256

49b7cc4c2a392f1c6cdb3ef0e3bd887df5669a94e8ebeebf4a176e268dfda566
SHA512

3db8418dc7b91cec579cfe20aaa0847d33298c1c39db0223efb1d35c2280c5a0b4d0bab4770da76aea0395f0f98b73067d0c2d8d05d61950886e2030fa967b08

Score

10^/10

qakbot spx112 1588678797 banker cryptone packer stealer trojan

Malware Config

Extracted

Family

qakbot

Version

324.136

Botnet

spx112

Campaign

1588678797

C2

81.133.234.36:2222

31.5.21.66:443

41.233.43.51:995

96.37.113.36:443

86.233.4.153:2222

98.118.156.172:443

89.34.214.130:443

79.116.237.126:443

72.16.212.107:465

72.36.59.46:2222

5.74.188.119:995

67.209.195.198:3389

98.32.60.217:443

24.46.40.189:2222

77.159.149.74:443

174.30.24.61:443

98.115.138.61:443

189.159.82.203:995

108.21.54.174:443

81.103.144.77:443

Targets

- Target
  
  49b7cc4c2a392f1c6cdb3ef0e3bd887df5669a94e8ebeebf4a176e268dfda566
- Size
  
  2.0MB
- MD5
  
  964a2caa2ac93f3bf8f6f9cb3613b6ac
- SHA1
  
  88a9cab33371b257ad08a14d266378bd3ceab33b
- SHA256
  
  49b7cc4c2a392f1c6cdb3ef0e3bd887df5669a94e8ebeebf4a176e268dfda566
- SHA512
  
  3db8418dc7b91cec579cfe20aaa0847d33298c1c39db0223efb1d35c2280c5a0b4d0bab4770da76aea0395f0f98b73067d0c2d8d05d61950886e2030fa967b08
Score

10^/10

qakbot spx112 1588678797 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotspx1121588678797bankerstealertrojan

behavioral2

qakbotspx1121588678797bankerstealertrojan