qakbot | ae3c8cc59fa270b406f4dc7cfed2fc45677a745ce4465d04c98b915edc16a899

General

Target

sample_1.exe
Size

520KB
Sample

210910-hshclshfd2
MD5

15c181df90fd532443e7cbbd9335241c
SHA1

fbc16d6ae1a8c2a1910f4b544b2d2e17c5d762f3
SHA256

ae3c8cc59fa270b406f4dc7cfed2fc45677a745ce4465d04c98b915edc16a899
SHA512

c8e46beb7b300036b796cb0e0da185a2ca8bb320fda976bf855d2a71ea20b66e4e9a8c0d269d21ae6dbb4ac401ebcb7022f2ba85104741dea78eaf3aedc9fd0d

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

324.141

Botnet

spx114

Campaign

1588852466

C2

72.196.114.129:443

69.88.211.123:443

47.232.26.181:443

173.172.205.216:443

72.36.59.46:2222

208.126.142.17:443

184.98.104.7:995

72.204.242.138:6881

50.244.112.106:443

47.214.144.253:443

5.182.39.156:443

47.146.169.85:443

73.210.114.187:443

77.159.149.74:443

71.80.66.107:443

31.5.189.71:443

73.163.242.114:443

74.56.167.31:443

24.110.96.149:443

172.78.87.180:443

Targets

- Target
  
  sample_1.exe
- Size
  
  520KB
- MD5
  
  15c181df90fd532443e7cbbd9335241c
- SHA1
  
  fbc16d6ae1a8c2a1910f4b544b2d2e17c5d762f3
- SHA256
  
  ae3c8cc59fa270b406f4dc7cfed2fc45677a745ce4465d04c98b915edc16a899
- SHA512
  
  c8e46beb7b300036b796cb0e0da185a2ca8bb320fda976bf855d2a71ea20b66e4e9a8c0d269d21ae6dbb4ac401ebcb7022f2ba85104741dea78eaf3aedc9fd0d
Score

10^/10

qakbot spx114 1588852466 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2