qakbot | 956ecb4afa437eafe56f958b34b6a78303ad626baee004715dc6634b7546bf85

General

Target

ocrafh.html
Size

819KB
Sample

211012-qbw4facdd7
MD5

2897721785645ad5b2a8fb524ed650c0
SHA1

d836fa75f0682b4c393418231aefca97169d551e
SHA256

956ecb4afa437eafe56f958b34b6a78303ad626baee004715dc6634b7546bf85
SHA512

f40e3cd7ab855c3d5513efb0c84b831a538226a8baa7d743368989dcb5461b3d0ef7dd5cdd9a538a48835aebe60044e9bfdc063e5fb19cce7fecabe213c2786a

Score

10^/10

qakbot tr 1633597626 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

tr

Campaign

1633597626

C2

120.150.218.241:995

185.250.148.74:443

89.137.52.44:443

66.103.170.104:2222

86.8.177.143:443

216.201.162.158:443

174.54.193.186:443

103.148.120.144:443

188.50.169.158:443

124.123.42.115:2222

140.82.49.12:443

199.27.127.129:443

81.241.252.59:2078

209.142.97.161:995

209.50.20.255:443

73.230.205.91:443

200.232.214.222:995

103.142.10.177:443

2.222.167.138:443

41.228.22.180:443

Targets

- Target
  
  ocrafh.html
- Size
  
  819KB
- MD5
  
  2897721785645ad5b2a8fb524ed650c0
- SHA1
  
  d836fa75f0682b4c393418231aefca97169d551e
- SHA256
  
  956ecb4afa437eafe56f958b34b6a78303ad626baee004715dc6634b7546bf85
- SHA512
  
  f40e3cd7ab855c3d5513efb0c84b831a538226a8baa7d743368989dcb5461b3d0ef7dd5cdd9a538a48835aebe60044e9bfdc063e5fb19cce7fecabe213c2786a
Score

10^/10

qakbot tr 1633597626 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2