qakbot | d2157bd2deee9de3b537377329ec18a466c28cd9a8a4bbe165fa1f1527e7d103 | Triage

Sharing

General

Target

13d0184.dll
Size

131KB
Sample

211019-zv43tshcfj
MD5

5232d30313fb4c1960bb72a0d2941848
SHA1

08141f2115bcde3ae0568ec921c78e14d0a9deeb
SHA256

d2157bd2deee9de3b537377329ec18a466c28cd9a8a4bbe165fa1f1527e7d103
SHA512

64ba67c903c58055ea5ff8a46f3883839ee2e1271b67cf3226b861b09b3140ed98880bf26dec4982c604e3ff8dcba756d16a9ff7801704759fa0c1ec76c63287

Score

10^/10

qakbot domain01 1632765151 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

domain01

Campaign

1632765151

C2

173.21.10.71:2222

67.165.206.193:993

37.210.152.224:995

68.204.7.158:443

89.101.97.139:443

47.22.148.6:443

120.151.47.189:443

47.40.196.233:2222

24.229.150.54:995

81.250.153.227:2222

76.25.142.196:443

71.74.12.34:443

181.118.183.94:443

24.55.112.61:443

24.139.72.117:443

120.150.218.241:995

185.250.148.74:443

109.12.111.14:443

140.82.49.12:443

177.130.82.197:2222

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  13d0184.dll
- Size
  
  131KB
- MD5
  
  5232d30313fb4c1960bb72a0d2941848
- SHA1
  
  08141f2115bcde3ae0568ec921c78e14d0a9deeb
- SHA256
  
  d2157bd2deee9de3b537377329ec18a466c28cd9a8a4bbe165fa1f1527e7d103
- SHA512
  
  64ba67c903c58055ea5ff8a46f3883839ee2e1271b67cf3226b861b09b3140ed98880bf26dec4982c604e3ff8dcba756d16a9ff7801704759fa0c1ec76c63287
Score

10^/10

qakbot domain01 1632765151 banker stealer trojan evasion
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

domain011632765151qakbot

behavioral1

qakbotdomain011632765151bankerstealertrojan

behavioral2

qakbotdomain011632765151bankerevasionstealertrojan