qakbot | 024d1b6626ef61874d6a886e920d510d7811bc8023e7f65c92504d0deade9482

General

Target

ht.dll
Size

307KB
Sample

210618-jr7249ptvj
MD5

8c0c26aa4a773a4f136b9ad1cf01b7fd
SHA1

a770ec77a9c9f661fc434f218477fb77aec62a37
SHA256

024d1b6626ef61874d6a886e920d510d7811bc8023e7f65c92504d0deade9482
SHA512

8952aceb747a41f49f204290d02edfbc6e77f460bdb51ccbc8ec7c851a893d5bdc754bb5c1c2f977df4d444bc3b5a6f17a91c9dfcf3b013ba49d863e1f14fd0c

Score

10^/10

qakbot tr 1623837834 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.115

Botnet

tr

Campaign

1623837834

C2

144.139.47.206:443

105.198.236.101:443

136.232.34.70:443

90.65.234.26:2222

71.41.184.10:3389

98.192.185.86:443

184.185.103.157:443

24.179.77.236:443

81.97.154.100:443

186.144.33.73:443

96.253.46.210:443

213.122.113.120:443

47.22.148.6:443

149.28.99.97:995

45.63.107.192:2222

45.32.211.207:443

45.32.211.207:8443

149.28.98.196:995

45.63.107.192:995

45.77.115.208:443

Targets

- Target
  
  ht.dll
- Size
  
  307KB
- MD5
  
  8c0c26aa4a773a4f136b9ad1cf01b7fd
- SHA1
  
  a770ec77a9c9f661fc434f218477fb77aec62a37
- SHA256
  
  024d1b6626ef61874d6a886e920d510d7811bc8023e7f65c92504d0deade9482
- SHA512
  
  8952aceb747a41f49f204290d02edfbc6e77f460bdb51ccbc8ec7c851a893d5bdc754bb5c1c2f977df4d444bc3b5a6f17a91c9dfcf3b013ba49d863e1f14fd0c
Score

10^/10

qakbot tr 1623837834 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2