qakbot | 374f9381f814b845b84946b36ea014c7298cc20f2fa2cfc16b0ca2abab99cc9d

General

Target

44355.4322108796.dat =^_^=
Size

1.2MB
Sample

210608-jrc1853nan
MD5

1592b86cafb9cb3edb9603299be50641
SHA1

22a57dc233d4f3b28e97eb476398d4e6118e7c4b
SHA256

374f9381f814b845b84946b36ea014c7298cc20f2fa2cfc16b0ca2abab99cc9d
SHA512

5facfb9e8b96fc22690e29566caf11a0a2cfd4b5bfe921688ba30f77720be97f1b7bc26f591bd64329b783ff5aeeb7fa09bb5ee9d15379a511c45146266bcc1a

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.68

Botnet

clinton32

Campaign

1623136486

C2

97.69.160.4:2222

75.67.192.125:443

86.220.62.251:2222

24.179.77.236:443

197.45.110.165:995

27.223.92.142:995

24.152.219.253:995

47.22.148.6:443

92.59.35.196:2222

136.232.34.70:443

188.26.91.212:443

149.28.101.90:2222

149.28.101.90:8443

207.246.77.75:995

45.77.115.208:2222

45.77.115.208:443

149.28.98.196:443

144.202.38.185:995

45.77.117.108:995

207.246.77.75:8443

Targets

- Target
  
  44355.4322108796.dat =^_^=
- Size
  
  1.2MB
- MD5
  
  1592b86cafb9cb3edb9603299be50641
- SHA1
  
  22a57dc233d4f3b28e97eb476398d4e6118e7c4b
- SHA256
  
  374f9381f814b845b84946b36ea014c7298cc20f2fa2cfc16b0ca2abab99cc9d
- SHA512
  
  5facfb9e8b96fc22690e29566caf11a0a2cfd4b5bfe921688ba30f77720be97f1b7bc26f591bd64329b783ff5aeeb7fa09bb5ee9d15379a511c45146266bcc1a
Score

10^/10

qakbot clinton32 1623136486 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2