qakbot | 64213217559da3cb3ef610ea0fa328e6d64ce829511306b8f12c008b61aed07a

General

Target

2021-06-17 165156.481566.dat
Size

719KB
Sample

210617-p9aasn2bgs
MD5

732d1fb59c3dbf1b5190543c667c7474
SHA1

ef2cd562ab0c83b50632bea7061cb37a2513655c
SHA256

64213217559da3cb3ef610ea0fa328e6d64ce829511306b8f12c008b61aed07a
SHA512

819da6d97c288f85c5d1f7ec080dc5fc8265ab6d2ed5dae7350f2f8a8c038cdb4e86bbd75e34611dbe7f08e4d01ea0880fa22a2418d2c88f880d39d4a1d70584

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.115

Botnet

clinton35

Campaign

1623917674

C2

86.220.60.247:2222

24.179.77.236:443

68.186.192.69:443

197.45.110.165:995

96.253.46.210:443

186.144.33.73:443

175.136.38.142:443

47.22.148.6:443

76.25.142.196:443

45.32.211.207:443

207.246.116.237:8443

45.77.115.208:443

45.77.115.208:995

149.28.101.90:2222

207.246.116.237:443

144.202.38.185:2222

149.28.101.90:995

207.246.77.75:443

207.246.77.75:995

207.246.77.75:2222

Targets

- Target
  
  2021-06-17 165156.481566.dat
- Size
  
  719KB
- MD5
  
  732d1fb59c3dbf1b5190543c667c7474
- SHA1
  
  ef2cd562ab0c83b50632bea7061cb37a2513655c
- SHA256
  
  64213217559da3cb3ef610ea0fa328e6d64ce829511306b8f12c008b61aed07a
- SHA512
  
  819da6d97c288f85c5d1f7ec080dc5fc8265ab6d2ed5dae7350f2f8a8c038cdb4e86bbd75e34611dbe7f08e4d01ea0880fa22a2418d2c88f880d39d4a1d70584
Score

10^/10

qakbot clinton35 1623917674 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2