qakbot | 27ce40cf8afbfd852dd1ab2cb32663d856b12305d4b346900663ae094fd6a739

General

Target

fasol.dll
Size

855KB
Sample

210609-68catvm26s
MD5

cfb34b11574df77689a3783dac6550ef
SHA1

4c3f221736c5860c1c10752f51de17340c99e598
SHA256

27ce40cf8afbfd852dd1ab2cb32663d856b12305d4b346900663ae094fd6a739
SHA512

06c5e2262a796b432163a7420d0755513fa3415e128970bafc1b741ff0ab829601ff65962ece137b78f08f0f6981b1738c58e9198b44be4c5ab55cbb433e4212

Score

10^/10

qakbot tr 1623231070 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.68

Botnet

tr

Campaign

1623231070

C2

24.152.219.253:995

47.22.148.6:443

92.59.35.196:2222

216.201.162.158:443

86.220.62.251:2222

105.198.236.99:443

136.232.34.70:443

81.97.154.100:443

81.214.126.173:2222

71.41.184.10:3389

76.25.142.196:443

83.110.108.246:2222

125.239.44.146:995

190.85.91.154:443

140.82.49.12:443

105.198.236.101:443

68.186.192.69:443

24.95.61.62:443

90.65.234.26:2222

197.45.110.165:995

Targets

- Target
  
  fasol.dll
- Size
  
  855KB
- MD5
  
  cfb34b11574df77689a3783dac6550ef
- SHA1
  
  4c3f221736c5860c1c10752f51de17340c99e598
- SHA256
  
  27ce40cf8afbfd852dd1ab2cb32663d856b12305d4b346900663ae094fd6a739
- SHA512
  
  06c5e2262a796b432163a7420d0755513fa3415e128970bafc1b741ff0ab829601ff65962ece137b78f08f0f6981b1738c58e9198b44be4c5ab55cbb433e4212
Score

10^/10

qakbot tr 1623231070 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2