qakbot | 7c285a6673dfe367c0d97deb3d505339c3245c36ce37071425f4c1adc1df4a49

General

Target

44364.6310469907.dat.dll
Size

719KB
Sample

210617-m9bw9vq95s
MD5

6b400086d88f925aae7fa76a1e2ad1a1
SHA1

5629fa2c872203e591e7d63acb2dc55212c8f62e
SHA256

7c285a6673dfe367c0d97deb3d505339c3245c36ce37071425f4c1adc1df4a49
SHA512

f362a0ec7a454b0ece88be4c456559e2f5a64c8ebe19eb093c67c1f4ff0ae81d495caa558b472205e3d2b7aeaef54e59f1a85dd6201114ba8fa470d52c9c1140

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.115

Botnet

clinton35

Campaign

1623917674

C2

86.220.60.247:2222

24.179.77.236:443

68.186.192.69:443

197.45.110.165:995

96.253.46.210:443

186.144.33.73:443

175.136.38.142:443

47.22.148.6:443

76.25.142.196:443

45.32.211.207:443

207.246.116.237:8443

45.77.115.208:443

45.77.115.208:995

149.28.101.90:2222

207.246.116.237:443

144.202.38.185:2222

149.28.101.90:995

207.246.77.75:443

207.246.77.75:995

207.246.77.75:2222

Targets

- Target
  
  44364.6310469907.dat.dll
- Size
  
  719KB
- MD5
  
  6b400086d88f925aae7fa76a1e2ad1a1
- SHA1
  
  5629fa2c872203e591e7d63acb2dc55212c8f62e
- SHA256
  
  7c285a6673dfe367c0d97deb3d505339c3245c36ce37071425f4c1adc1df4a49
- SHA512
  
  f362a0ec7a454b0ece88be4c456559e2f5a64c8ebe19eb093c67c1f4ff0ae81d495caa558b472205e3d2b7aeaef54e59f1a85dd6201114ba8fa470d52c9c1140
Score

10^/10

qakbot clinton35 1623917674 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2