44490.4217984954.dat

Target

Size

534KB

Sample

211021-mmrrbaabf7

Score

10 ^/10

MD5

1ca07a72a885754193c2f8536728a5ef

SHA1

c58a312b7e26afa6a0c0782481d2504be39ca262

SHA256

a0bfba60d2ae341fc6af47bcbd9f4f521c5f0cabf05a50479bbc70597bb519e8

SHA512

6bdb91b12364ece4c0b53bac3b22cb454cbd37ea970a29501d84976fcffa45ff38491aefc028dfdca486d47ddd1d4a93518eb11cc0ddb624a1e82e928c8997e3

Extracted

Family	qakbot
Version	402.363
Botnet	biden54
Campaign	1634802135
C2	81.250.153.227:2222 120.150.218.241:995 76.25.142.196:443 63.143.92.99:995 89.101.97.139:443 136.143.11.232:443 81.213.59.22:443 136.232.34.70:443 140.82.49.12:443 37.208.181.198:61200 78.191.24.189:995 216.201.162.158:443 197.89.144.102:443 89.137.52.44:443 182.176.180.73:443 173.21.10.71:2222 117.198.156.56:443 196.207.140.40:995 103.142.10.177:443 24.231.209.2:6881 27.223.92.142:995 96.246.158.154:995 71.74.12.34:443 24.231.209.2:2222 75.188.35.168:443 209.210.95.228:995 73.151.236.31:443 220.255.25.187:2222 187.156.134.254:443 41.235.69.115:443 189.175.219.53:80 108.4.67.252:443 209.210.95.228:993 67.165.206.193:993 173.25.162.221:443 100.1.119.41:443 93.48.58.123:2222 65.100.174.110:443 201.137.10.225:443 24.229.150.54:995 146.66.238.74:443 68.204.7.158:443 37.208.181.198:443 41.86.42.158:995 189.135.16.92:443 187.75.66.160:995 72.173.78.211:443 37.117.191.19:2222 94.200.181.154:443 109.12.111.14:443 96.37.113.36:993 45.46.53.140:2222 103.150.40.76:995 24.231.209.2:2083 181.4.53.6:465 2.222.167.138:443 86.220.112.26:2222 24.152.219.253:995 181.118.183.94:443 37.210.155.239:995 129.208.147.188:995 105.198.236.99:995 50.194.160.233:32100 50.194.160.233:465 189.146.41.71:443 24.55.112.61:443 38.70.253.226:2222 72.252.201.69:995 78.105.213.151:995 103.143.8.71:443 109.40.1.4:443 187.149.227.40:443 91.178.126.51:995 81.241.252.59:2078 65.100.174.110:995 39.49.4.147:995 24.139.72.117:443 106.193.223.126:443 86.8.177.143:443 24.119.214.7:443 209.210.95.228:443 78.71.154.58:2222 47.151.181.188:443 78.71.167.243:2222 117.215.230.90:443 174.54.193.186:443 72.27.84.16:995 39.52.224.154:995 188.54.167.41:443 49.206.29.127:443 103.133.200.139:443 98.203.26.168:443 199.27.127.129:443 208.78.220.143:443 47.40.196.233:2222 86.152.43.219:443 201.111.144.72:443 2.237.74.121:2222 115.96.64.9:995 73.52.50.32:443 162.210.220.137:443 103.170.110.191:995 103.170.110.191:465 103.82.211.39:990 31.166.234.68:443 111.91.87.187:995 103.82.211.39:995 174.76.17.43:443 213.60.210.85:443 203.175.72.19:995 167.248.117.81:443 41.228.22.180:443 116.193.136.10:443 122.179.158.212:443 103.148.120.144:443 103.82.211.39:993 117.202.161.73:2222 65.100.174.110:8443 65.100.174.110:6881 69.30.186.190:443 190.117.91.214:443 39.40.37.70:32100 187.172.17.193:443 80.6.192.58:443 68.186.192.69:443 122.60.71.201:995 173.22.178.66:443 2.221.12.60:443 201.68.60.118:995 50.194.160.233:995 65.100.174.110:32103 123.201.44.86:6881 177.76.251.27:995 67.230.44.194:443 109.200.192.84:443 73.230.205.91:443 189.252.201.83:32101 136.232.254.46:443 95.159.33.115:995 115.96.62.113:443 85.60.147.26:2078 75.131.217.182:443 85.60.147.26:2222 129.35.116.77:990 81.250.153.227:2222 120.150.218.241:995 76.25.142.196:443 63.143.92.99:995 89.101.97.139:443 136.143.11.232:443 81.213.59.22:443 136.232.34.70:443 140.82.49.12:443 37.208.181.198:61200 78.191.24.189:995 216.201.162.158:443 197.89.144.102:443 89.137.52.44:443 182.176.180.73:443 173.21.10.71:2222 117.198.156.56:443 196.207.140.40:995 103.142.10.177:443 24.231.209.2:6881 27.223.92.142:995 96.246.158.154:995 71.74.12.34:443 24.231.209.2:2222 75.188.35.168:443 209.210.95.228:995 73.151.236.31:443 220.255.25.187:2222 187.156.134.254:443 41.235.69.115:443 189.175.219.53:80 108.4.67.252:443 209.210.95.228:993 67.165.206.193:993 173.25.162.221:443 100.1.119.41:443 93.48.58.123:2222 65.100.174.110:443 201.137.10.225:443 24.229.150.54:995 146.66.238.74:443 68.204.7.158:443 37.208.181.198:443 41.86.42.158:995 189.135.16.92:443 187.75.66.160:995 72.173.78.211:443 37.117.191.19:2222 94.200.181.154:443 109.12.111.14:443 96.37.113.36:993 45.46.53.140:2222 103.150.40.76:995 24.231.209.2:2083 181.4.53.6:465 2.222.167.138:443 86.220.112.26:2222 24.152.219.253:995 181.118.183.94:443 37.210.155.239:995 129.208.147.188:995 105.198.236.99:995 50.194.160.233:32100 50.194.160.233:465 189.146.41.71:443 24.55.112.61:443 38.70.253.226:2222 72.252.201.69:995 78.105.213.151:995 103.143.8.71:443 109.40.1.4:443 187.149.227.40:443 91.178.126.51:995 81.241.252.59:2078 65.100.174.110:995 39.49.4.147:995 24.139.72.117:443 106.193.223.126:443 86.8.177.143:443 24.119.214.7:443 209.210.95.228:443 78.71.154.58:2222 47.151.181.188:443 78.71.167.243:2222 117.215.230.90:443 174.54.193.186:443 72.27.84.16:995 39.52.224.154:995 188.54.167.41:443 49.206.29.127:443 103.133.200.139:443 98.203.26.168:443 199.27.127.129:443 208.78.220.143:443 47.40.196.233:2222 86.152.43.219:443 201.111.144.72:443 2.237.74.121:2222 115.96.64.9:995 73.52.50.32:443 162.210.220.137:443 103.170.110.191:995 103.170.110.191:465 103.82.211.39:990 31.166.234.68:443 111.91.87.187:995 103.82.211.39:995 174.76.17.43:443 213.60.210.85:443 203.175.72.19:995 167.248.117.81:443 41.228.22.180:443 116.193.136.10:443 122.179.158.212:443 103.148.120.144:443 103.82.211.39:993 117.202.161.73:2222 65.100.174.110:8443 65.100.174.110:6881 69.30.186.190:443 190.117.91.214:443 39.40.37.70:32100 187.172.17.193:443 80.6.192.58:443 68.186.192.69:443 122.60.71.201:995 173.22.178.66:443 2.221.12.60:443 201.68.60.118:995 50.194.160.233:995 65.100.174.110:32103 123.201.44.86:6881 177.76.251.27:995 67.230.44.194:443 109.200.192.84:443 73.230.205.91:443 189.252.201.83:32101 136.232.254.46:443 95.159.33.115:995 115.96.62.113:443 85.60.147.26:2078 75.131.217.182:443 85.60.147.26:2222 129.35.116.77:990
Attributes	salt jHxastDcds)oMc=jvh7wdUhxcsdt2

Target

44490.4217984954.dat

MD5

1ca07a72a885754193c2f8536728a5ef

Filesize

534KB

Score

10^/10

SHA1

c58a312b7e26afa6a0c0782481d2504be39ca262

SHA256

a0bfba60d2ae341fc6af47bcbd9f4f521c5f0cabf05a50479bbc70597bb519e8

SHA512

6bdb91b12364ece4c0b53bac3b22cb454cbd37ea970a29501d84976fcffa45ff38491aefc028dfdca486d47ddd1d4a93518eb11cc0ddb624a1e82e928c8997e3

Signatures

Qakbot/Qbot
Description

Qbot or Qakbot is a sophisticated worm with banking capabilities.
Tags

trojan banker stealer qakbot
Windows security bypass
Tags

evasion trojan

TTPs

Disabling Security ToolsModify Registry
Loads dropped DLL

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Scheduled Task

Privilege Escalation

static1

behavioral1

qakbot biden54 1634802135 banker evasion stealer trojan

10^/10

behavioral2

qakbot biden54 1634802135 banker evasion stealer trojan

10^/10

Extracted

Tags

Signatures

Qakbot/Qbot

Description

Tags

Windows security bypass

Tags

TTPs

Loads dropped DLL

Related Tasks

static1

behavioral1

behavioral2