qakbot | 5143bfde3fa1b95407cf4ec97bbfea72554188ad7b866e41f0ef09fa43a2bb98

General

Target

httpd.exe
Size

436KB
Sample

210929-pv4rysfbbq
MD5

5ee75a7c68bfc3a8afcab5b7bc972c49
SHA1

ac6c61b6ed9ba2690ed8c1d4f7263be99781c0a0
SHA256

5143bfde3fa1b95407cf4ec97bbfea72554188ad7b866e41f0ef09fa43a2bb98
SHA512

576abfa0d54ec1c8a26ebe364716fd64579e07942ffb9dd9a325460f53b1e33833fda2b24de4a11ab2dbef9ba9cc5fcbd9a5449b280d052ed36b66190f6faff0

Score

10^/10

qakbot tr 1632817399 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

tr

Campaign

1632817399

C2

105.198.236.99:443

140.82.49.12:443

37.210.152.224:995

89.101.97.139:443

81.241.252.59:2078

27.223.92.142:995

81.250.153.227:2222

73.151.236.31:443

47.22.148.6:443

122.11.220.212:2222

120.151.47.189:443

199.27.127.129:443

216.201.162.158:443

136.232.34.70:443

76.25.142.196:443

181.118.183.94:443

120.150.218.241:995

185.250.148.74:443

95.77.223.148:443

75.66.88.33:443

Targets

- Target
  
  httpd.exe
- Size
  
  436KB
- MD5
  
  5ee75a7c68bfc3a8afcab5b7bc972c49
- SHA1
  
  ac6c61b6ed9ba2690ed8c1d4f7263be99781c0a0
- SHA256
  
  5143bfde3fa1b95407cf4ec97bbfea72554188ad7b866e41f0ef09fa43a2bb98
- SHA512
  
  576abfa0d54ec1c8a26ebe364716fd64579e07942ffb9dd9a325460f53b1e33833fda2b24de4a11ab2dbef9ba9cc5fcbd9a5449b280d052ed36b66190f6faff0
Score

10^/10

qakbot tr 1632817399 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2