qakbot | a0bfba60d2ae341fc6af47bcbd9f4f521c5f0cabf05a50479bbc70597bb519e8 | Triage

Sharing

General

Target

44490.4217984954.dat
Size

534KB
Sample

211021-mmrrbaabf7
MD5

1ca07a72a885754193c2f8536728a5ef
SHA1

c58a312b7e26afa6a0c0782481d2504be39ca262
SHA256

a0bfba60d2ae341fc6af47bcbd9f4f521c5f0cabf05a50479bbc70597bb519e8
SHA512

6bdb91b12364ece4c0b53bac3b22cb454cbd37ea970a29501d84976fcffa45ff38491aefc028dfdca486d47ddd1d4a93518eb11cc0ddb624a1e82e928c8997e3

Score

10^/10

qakbot biden54 1634802135 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

biden54

Campaign

1634802135

C2

81.250.153.227:2222

120.150.218.241:995

76.25.142.196:443

63.143.92.99:995

89.101.97.139:443

136.143.11.232:443

81.213.59.22:443

136.232.34.70:443

140.82.49.12:443

37.208.181.198:61200

78.191.24.189:995

216.201.162.158:443

197.89.144.102:443

89.137.52.44:443

182.176.180.73:443

173.21.10.71:2222

117.198.156.56:443

196.207.140.40:995

103.142.10.177:443

24.231.209.2:6881

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  44490.4217984954.dat
- Size
  
  534KB
- MD5
  
  1ca07a72a885754193c2f8536728a5ef
- SHA1
  
  c58a312b7e26afa6a0c0782481d2504be39ca262
- SHA256
  
  a0bfba60d2ae341fc6af47bcbd9f4f521c5f0cabf05a50479bbc70597bb519e8
- SHA512
  
  6bdb91b12364ece4c0b53bac3b22cb454cbd37ea970a29501d84976fcffa45ff38491aefc028dfdca486d47ddd1d4a93518eb11cc0ddb624a1e82e928c8997e3
Score

10^/10

qakbot biden54 1634802135 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotbiden541634802135bankerevasionstealertrojan

behavioral2

qakbotbiden541634802135bankerevasionstealertrojan