qakbot | 33b3a01c334b0d5affa35486789ef8bd2adfbe4ef7b2521b69e238763a0ccac4 | Triage

Sharing

General

Target

1400000.dll
Size

120KB
Sample

211019-zwvksahcfk
MD5

1088e3d21723e80896d77e863bbdbb17
SHA1

84d377b491b3b16bb9ba75b8cab2b51ea9e2dee5
SHA256

33b3a01c334b0d5affa35486789ef8bd2adfbe4ef7b2521b69e238763a0ccac4
SHA512

f633a5e226741e470cb0ba76be1079f8093ab6ab4357b4375e741747a0d642e0798dff5cf8d0ae2190eec5e5a6b7fb66bc9a20f40cf18883670d03f2c4462077

Score

10^/10

qakbot domain01 1632765151 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

domain01

Campaign

1632765151

C2

173.21.10.71:2222

67.165.206.193:993

37.210.152.224:995

68.204.7.158:443

89.101.97.139:443

47.22.148.6:443

120.151.47.189:443

47.40.196.233:2222

24.229.150.54:995

81.250.153.227:2222

76.25.142.196:443

71.74.12.34:443

181.118.183.94:443

24.55.112.61:443

24.139.72.117:443

120.150.218.241:995

185.250.148.74:443

109.12.111.14:443

140.82.49.12:443

177.130.82.197:2222

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  1400000.dll
- Size
  
  120KB
- MD5
  
  1088e3d21723e80896d77e863bbdbb17
- SHA1
  
  84d377b491b3b16bb9ba75b8cab2b51ea9e2dee5
- SHA256
  
  33b3a01c334b0d5affa35486789ef8bd2adfbe4ef7b2521b69e238763a0ccac4
- SHA512
  
  f633a5e226741e470cb0ba76be1079f8093ab6ab4357b4375e741747a0d642e0798dff5cf8d0ae2190eec5e5a6b7fb66bc9a20f40cf18883670d03f2c4462077
Score

10^/10

qakbot domain01 1632765151 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

domain011632765151qakbot

behavioral1

qakbotdomain011632765151bankerevasionstealertrojan

behavioral2

qakbotdomain011632765151bankerstealertrojan