qakbot | 6eaf6c5543a5b1dbfcc8228818edc7f92407dcc3e0ff23ec6494124b41951ee4

General

Target

h.zip
Size

520KB
Sample

210922-rm299sdaa2
MD5

f9756907aa2a6d4325d4cb47d8c624d6
SHA1

a9fc54c7d1caaa677e8753abbc1b68a6e9e0e493
SHA256

6eaf6c5543a5b1dbfcc8228818edc7f92407dcc3e0ff23ec6494124b41951ee4
SHA512

c576332ffefca7c5571b00bddaeddad864843ce336c786a7b94eb315fe11d30788fdbdc01a549bff80ec313511653dc44e226ee9fbef478d17729f9dce7d1b74

Score

10^/10

qakbot tr 1632152047 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.318

Botnet

tr

Campaign

1632152047

C2

45.46.53.140:2222

144.139.47.206:443

189.210.115.207:443

120.150.218.241:995

47.22.148.6:443

140.82.49.12:443

24.139.72.117:443

24.229.150.54:995

24.55.112.61:443

136.232.34.70:443

95.77.223.148:443

173.21.10.71:2222

76.25.142.196:443

96.37.113.36:993

71.74.12.34:443

73.151.236.31:443

67.165.206.193:993

109.12.111.14:443

68.204.7.158:443

105.198.236.99:443

Targets

- Target
  
  host.html
- Size
  
  966KB
- MD5
  
  9ad2f8423d740fbbffc537c7a9f5020d
- SHA1
  
  ba9524b5cccc08e1f4f5d37b998aac5d9f1777f5
- SHA256
  
  0bb24c7d998c2f68296fc2285719e17cc20ad4e86d0b1986362b03af7f5a63d7
- SHA512
  
  e424b060efaa33b032d413b34a0edc2c9ecf6367380adf7102c4027a6cc8466318e65d4549102eba65491f05bf6ae101436e94b66cce1f2ec61f55a03da6eb6d
Score

10^/10

qakbot tr 1632152047 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2