qakbot | 10bd9f37368e1f0e034f9a289dcf29b500e9a77f9e05621ca9e4e21c56d838c8 | Triage

Sharing

General

Target

10bd9f37368e1f0e034f9a289dcf29b500e9a77f9e05621ca9e4e21c56d838c8
Size

1.6MB
Sample

211021-t1vtfsbddp
MD5

45c23bf7827e99d6d80e4a6341861399
SHA1

50d163a0862d47831e48beeede3115e579536cdf
SHA256

10bd9f37368e1f0e034f9a289dcf29b500e9a77f9e05621ca9e4e21c56d838c8
SHA512

c0cd2a1f68a49927d7ee01f61344fece00c5c15c759819b28fb03222a78e1ed72fd51ad229166d34390aa8a61d3d616407935c69346674589c093fe77a5383ff

Score

10^/10

qakbot tr 1634541613 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

tr

Campaign

1634541613

C2

120.150.218.241:995

24.119.214.7:443

103.143.8.71:443

81.241.252.59:2078

81.250.153.227:2222

174.54.193.186:443

73.52.50.32:443

39.49.122.240:995

86.220.112.26:2222

103.82.211.39:465

78.191.38.33:995

216.201.162.158:443

181.118.183.94:443

66.177.215.152:0

208.78.220.143:443

94.200.181.154:443

136.232.34.70:443

136.143.11.232:443

81.213.59.22:443

103.82.211.39:990

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  10bd9f37368e1f0e034f9a289dcf29b500e9a77f9e05621ca9e4e21c56d838c8
- Size
  
  1.6MB
- MD5
  
  45c23bf7827e99d6d80e4a6341861399
- SHA1
  
  50d163a0862d47831e48beeede3115e579536cdf
- SHA256
  
  10bd9f37368e1f0e034f9a289dcf29b500e9a77f9e05621ca9e4e21c56d838c8
- SHA512
  
  c0cd2a1f68a49927d7ee01f61344fece00c5c15c759819b28fb03222a78e1ed72fd51ad229166d34390aa8a61d3d616407935c69346674589c093fe77a5383ff
Score

10^/10

qakbot tr 1634541613 banker stealer trojan evasion
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbottr1634541613bankerstealertrojan

behavioral2

qakbottr1634541613bankerevasionstealertrojan