qakbot | 8a8f2fc400d22736477152a5368b53bdfdebefb2c22c586514b2fea4b269512e

General

Target

sun.html
Size

315KB
Sample

210617-1jcca3raba
MD5

d692c23aadd2f5d0a570bb3a7c103285
SHA1

c67d89e596dde56bdb74905c8f2372219318e0b5
SHA256

8a8f2fc400d22736477152a5368b53bdfdebefb2c22c586514b2fea4b269512e
SHA512

7de3171fcc5b63a03fc8cb4952746a5445a894d7dd6d5faaff1bb49d12992123a3f8e8f63d670ff753182633d0ac8c8b18bc1b600a925df0148907e5e0ebcac1

Score

10^/10

qakbot tr 1623837834 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.115

Botnet

tr

Campaign

1623837834

C2

144.139.47.206:443

105.198.236.101:443

136.232.34.70:443

90.65.234.26:2222

71.41.184.10:3389

98.192.185.86:443

184.185.103.157:443

24.179.77.236:443

81.97.154.100:443

186.144.33.73:443

96.253.46.210:443

213.122.113.120:443

47.22.148.6:443

149.28.99.97:995

45.63.107.192:2222

45.32.211.207:443

45.32.211.207:8443

149.28.98.196:995

45.63.107.192:995

45.77.115.208:443

Targets

- Target
  
  sun.html
- Size
  
  315KB
- MD5
  
  d692c23aadd2f5d0a570bb3a7c103285
- SHA1
  
  c67d89e596dde56bdb74905c8f2372219318e0b5
- SHA256
  
  8a8f2fc400d22736477152a5368b53bdfdebefb2c22c586514b2fea4b269512e
- SHA512
  
  7de3171fcc5b63a03fc8cb4952746a5445a894d7dd6d5faaff1bb49d12992123a3f8e8f63d670ff753182633d0ac8c8b18bc1b600a925df0148907e5e0ebcac1
Score

10^/10

qakbot tr 1623837834 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2