qakbot | 966a07b1051044e7c89beaffe7d4f4efe5fdd837c544cc59f3d72cb4be323480

General

Target

bold.html
Size

1.0MB
Sample

211005-razcvahhd2
MD5

4607f36948970336c376e27350832138
SHA1

6dad579bd09b062b448013dfe831ffe47b787a82
SHA256

966a07b1051044e7c89beaffe7d4f4efe5fdd837c544cc59f3d72cb4be323480
SHA512

18a7de74896bc708d3e9abaa55fd72409ba4eb06e4279e4c5165de950bcb1d34189f508184efb0de9ff34a27677482d08ca0f2a1e6ef6a5a7f22892fdea18d61

Score

10^/10

qakbot tr 1633334141 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

tr

Campaign

1633334141

C2

75.75.179.226:443

185.250.148.74:443

122.11.220.212:2222

120.150.218.241:995

103.148.120.144:443

140.82.49.12:443

40.131.140.155:995

206.47.134.234:2222

73.230.205.91:443

190.198.206.189:2222

103.157.122.198:995

81.250.153.227:2222

167.248.100.227:443

96.57.188.174:2078

217.17.56.163:2222

217.17.56.163:2078

41.228.22.180:443

136.232.34.70:443

68.186.192.69:443

167.248.111.245:443

Targets

- Target
  
  bold.html
- Size
  
  1.0MB
- MD5
  
  4607f36948970336c376e27350832138
- SHA1
  
  6dad579bd09b062b448013dfe831ffe47b787a82
- SHA256
  
  966a07b1051044e7c89beaffe7d4f4efe5fdd837c544cc59f3d72cb4be323480
- SHA512
  
  18a7de74896bc708d3e9abaa55fd72409ba4eb06e4279e4c5165de950bcb1d34189f508184efb0de9ff34a27677482d08ca0f2a1e6ef6a5a7f22892fdea18d61
Score

10^/10

qakbot tr 1633334141 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2