qakbot | e6d6a4dbb1c9f55d0ccc34bc03224bdc8b2969fbc5954f12aa2508efb0193ff0

General

Target

bold.html.2
Size

1.0MB
Sample

211005-rbed3ahhd4
MD5

2b8d82e08d44fa9af1bfffdc73161bdd
SHA1

dc5b93f05e4110c35bbb82e4445c645d4f3d0ac0
SHA256

e6d6a4dbb1c9f55d0ccc34bc03224bdc8b2969fbc5954f12aa2508efb0193ff0
SHA512

78ae6e3f5588da2720cbb3be41042bbf708b4717b35b0163f525744a8ffd9886b9fb2c149f252de0c7e6e6140ae29b49c7955ee6041000c30d2c7dbbea5f7706

Score

10^/10

qakbot tr 1633334141 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

tr

Campaign

1633334141

C2

75.75.179.226:443

185.250.148.74:443

122.11.220.212:2222

120.150.218.241:995

103.148.120.144:443

140.82.49.12:443

40.131.140.155:995

206.47.134.234:2222

73.230.205.91:443

190.198.206.189:2222

103.157.122.198:995

81.250.153.227:2222

167.248.100.227:443

96.57.188.174:2078

217.17.56.163:2222

217.17.56.163:2078

41.228.22.180:443

136.232.34.70:443

68.186.192.69:443

167.248.111.245:443

Targets

- Target
  
  bold.html.2
- Size
  
  1.0MB
- MD5
  
  2b8d82e08d44fa9af1bfffdc73161bdd
- SHA1
  
  dc5b93f05e4110c35bbb82e4445c645d4f3d0ac0
- SHA256
  
  e6d6a4dbb1c9f55d0ccc34bc03224bdc8b2969fbc5954f12aa2508efb0193ff0
- SHA512
  
  78ae6e3f5588da2720cbb3be41042bbf708b4717b35b0163f525744a8ffd9886b9fb2c149f252de0c7e6e6140ae29b49c7955ee6041000c30d2c7dbbea5f7706
Score

10^/10

qakbot tr 1633334141 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2