qakbot | 16471dc71340211bdfce494c75513a57b0cd0c4eb448bec28954b004b77a155e

General

Target

6629837791592448.zip
Size

470KB
Sample

210627-bg7ghvvtg6
MD5

de5779e7e1c39270d0dac487b689da80
SHA1

94de9d4271a6b353376f8387081184b3e3a7d747
SHA256

16471dc71340211bdfce494c75513a57b0cd0c4eb448bec28954b004b77a155e
SHA512

470d39243a5361c5f881520f2bb0ec315960229c7455df03e7f23ec84e890823a931a6ad9d01e8f98b92eeaabcaa6790c022635244272bebcda69e6fd9a61f26

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

401.194

Botnet

biden12

Campaign

1615580905

C2

24.229.150.54:995

109.12.111.14:443

173.21.10.71:2222

81.214.126.173:2222

75.118.1.141:443

98.252.118.134:443

71.74.12.34:443

186.31.77.42:443

81.97.154.100:443

71.117.132.169:443

24.139.72.117:443

67.165.206.193:993

106.51.52.111:443

47.196.192.184:443

71.197.126.250:443

24.95.61.62:443

47.22.148.6:443

195.12.154.8:443

71.163.223.159:443

197.45.110.165:995

Targets

- Target
  
  d279540df6c9c5c0e024dfe7d407e9e347c57ce2f1e64e8b5cf12cf87eb8eb7c
- Size
  
  720KB
- MD5
  
  7e5716d666ae8b5e475d916b3894db2b
- SHA1
  
  e0cce9ed4cf7429d201889f60e067242407b79aa
- SHA256
  
  d279540df6c9c5c0e024dfe7d407e9e347c57ce2f1e64e8b5cf12cf87eb8eb7c
- SHA512
  
  a207af4c06ab5be62c1cf5cee122a6e2bfe41929bb02ad93a9b5df3679f7a7a80d22a10f3179a47b2581c96bb6b22868eec8587f1532261cd794c31a51f3374e
Score

10^/10

qakbot biden12 1615580905 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2