qakbot | 6f63742c25fd3a2dae5995f182254c253003066488ef86e754f661e8ba1d76fd | Triage

Sharing

General

Target

687550f98527483a1c49ab185a2105ea.dll
Size

471KB
Sample

210930-spl7haaad6
MD5

687550f98527483a1c49ab185a2105ea
SHA1

42d0db4cdc64e1fc2e57025f031f285cf0ba45a3
SHA256

6f63742c25fd3a2dae5995f182254c253003066488ef86e754f661e8ba1d76fd
SHA512

2b92d4cb037c0a6dd6855819d8e44ec036bc3fac71d7c2ee537bb6dfe907888b69b97958ebaa7b102e473f76ce6d1811ce090fb1e7ab38c18d2b1c6098403fc5

Score

10^/10

qakbot tr 1632817399 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

tr

Campaign

1632817399

C2

105.198.236.99:443

140.82.49.12:443

37.210.152.224:995

89.101.97.139:443

81.241.252.59:2078

27.223.92.142:995

81.250.153.227:2222

73.151.236.31:443

47.22.148.6:443

122.11.220.212:2222

120.151.47.189:443

199.27.127.129:443

216.201.162.158:443

136.232.34.70:443

76.25.142.196:443

181.118.183.94:443

120.150.218.241:995

185.250.148.74:443

95.77.223.148:443

75.66.88.33:443

Targets

- Target
  
  687550f98527483a1c49ab185a2105ea.dll
- Size
  
  471KB
- MD5
  
  687550f98527483a1c49ab185a2105ea
- SHA1
  
  42d0db4cdc64e1fc2e57025f031f285cf0ba45a3
- SHA256
  
  6f63742c25fd3a2dae5995f182254c253003066488ef86e754f661e8ba1d76fd
- SHA512
  
  2b92d4cb037c0a6dd6855819d8e44ec036bc3fac71d7c2ee537bb6dfe907888b69b97958ebaa7b102e473f76ce6d1811ce090fb1e7ab38c18d2b1c6098403fc5
Score

10^/10

qakbot tr 1632817399 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbottr1632817399bankerevasionstealertrojan

behavioral2

qakbottr1632817399bankerevasionstealertrojan