qakbot | 416be444bcaf267f35bc3b337c6406627de0dbc15bea18e9c0978c645646d00f

General

Target

bin.html
Size

442KB
Sample

210614-ky4yxtke36
MD5

af1b8ffa5ce349f166657df784433ab8
SHA1

69f72846d7aeb2a756a93d99182dd57dd0573585
SHA256

416be444bcaf267f35bc3b337c6406627de0dbc15bea18e9c0978c645646d00f
SHA512

78e47aae18225df0998c417853bb7f32913ece4e17a196ce86a597a53f7fce3ed4c2aa64fad3f100df6441112fdb8c6f22b15b2c553522cb627cea1a7a4b585e

Score

10^/10

qakbot tr 1623225382 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.68

Botnet

tr

Campaign

1623225382

C2

190.85.91.154:443

140.82.49.12:443

105.198.236.101:443

68.186.192.69:443

24.95.61.62:443

90.65.234.26:2222

197.45.110.165:995

96.61.23.88:995

172.78.51.35:443

184.185.103.157:443

71.163.222.223:443

27.223.92.142:995

24.179.77.236:443

97.69.160.4:2222

188.26.91.212:443

75.67.192.125:443

24.152.219.253:995

92.59.35.196:2222

47.22.148.6:443

216.201.162.158:443

Targets

- Target
  
  bin.html
- Size
  
  442KB
- MD5
  
  af1b8ffa5ce349f166657df784433ab8
- SHA1
  
  69f72846d7aeb2a756a93d99182dd57dd0573585
- SHA256
  
  416be444bcaf267f35bc3b337c6406627de0dbc15bea18e9c0978c645646d00f
- SHA512
  
  78e47aae18225df0998c417853bb7f32913ece4e17a196ce86a597a53f7fce3ed4c2aa64fad3f100df6441112fdb8c6f22b15b2c553522cb627cea1a7a4b585e
Score

10^/10

qakbot tr 1623225382 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2