qakbot | a3c1f77932940ecbf2027740b14996719eb3757a57ffbf81ba85a81c15d67ac6 | Triage

Sharing

General

Target

44490.6116784722.zip
Size

519KB
Sample

211021-qlsh1abbhl
MD5

af7cbb94c5ed2c622551bfcbda31a87e
SHA1

ad5c87f802fd97a631030339ce5114cfec571124
SHA256

a3c1f77932940ecbf2027740b14996719eb3757a57ffbf81ba85a81c15d67ac6
SHA512

8b486b302727f9ae41e9a5b48df1b3bf17455c8521c537e624bdf883a8b691d0700b61c5fb831d124d879a5911f4027b5630b120f6995d05e6db82a0ca890b0e

Score

10^/10

qakbot biden54 1634810637 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

biden54

Campaign

1634810637

C2

136.143.11.232:443

63.143.92.99:995

182.176.180.73:443

136.232.34.70:443

123.252.190.14:443

216.201.162.158:443

37.208.181.198:61200

140.82.49.12:443

197.89.144.102:443

89.137.52.44:443

109.12.111.14:443

78.191.24.189:995

105.198.236.99:995

196.207.140.40:995

41.235.69.115:443

2.222.167.138:443

117.198.156.56:443

24.231.209.2:6881

27.223.92.142:995

96.246.158.154:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  44490.6116784722.dat
- Size
  
  890KB
- MD5
  
  d593dcb2a5a103560ff0c893f088e2c0
- SHA1
  
  e9ab09ba5243d17ad920d31e8311b60b22b74464
- SHA256
  
  bce1f03746e9cb1d8858bf5abe2e659ad682391119cf6fbe55bb7435d1c48c1e
- SHA512
  
  043ee01fff1b671deef7760db26f3841a133e386ea80f005839cb50f101543fb7ee770d6d9ccb9b5eb0757b1526664ffb689e4e0fe91fa14e8549ab89567a3a6
Score

10^/10

qakbot biden54 1634810637 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotbiden541634810637bankerevasionstealertrojan

behavioral2

qakbotbiden541634810637bankerstealertrojan