qakbot | 9b30eafba4d4e1c9491ed31dbe7f9de2acf4e217d8fa162d471993bb05ec14fe | Triage

Sharing

General

Target

b22026d045873d54eeffc181b0bd282e
Size

1.2MB
Sample

211022-ws6bbsbhf7
MD5

6dd575fb4081e2946812ffa942557edc
SHA1

a93c65cdfe016795dd72a2d8bd8a2a3fb53a7729
SHA256

9b30eafba4d4e1c9491ed31dbe7f9de2acf4e217d8fa162d471993bb05ec14fe
SHA512

f9bae851d5c39123a9c351537b384084c7051409374b90fb57e5edd1d0ee4e60e17d2e0ffb4606304f323869d3eacfdee7b0a389bc25d69c29c8ba150e400d33

Score

10^/10

qakbot tr 1634905513 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

tr

Campaign

1634905513

C2

27.5.5.31:2222

136.143.11.232:443

68.186.192.69:443

117.198.157.160:443

108.4.67.252:443

207.246.112.221:995

105.198.236.99:995

37.208.181.198:61200

115.99.227.13:995

140.82.49.12:443

188.50.34.167:995

216.201.162.158:443

103.142.10.177:443

197.89.21.241:443

73.25.109.183:2222

81.250.153.227:2222

2.222.167.138:443

78.191.24.189:995

87.242.20.233:2222

89.101.97.139:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  b22026d045873d54eeffc181b0bd282e
- Size
  
  1.2MB
- MD5
  
  6dd575fb4081e2946812ffa942557edc
- SHA1
  
  a93c65cdfe016795dd72a2d8bd8a2a3fb53a7729
- SHA256
  
  9b30eafba4d4e1c9491ed31dbe7f9de2acf4e217d8fa162d471993bb05ec14fe
- SHA512
  
  f9bae851d5c39123a9c351537b384084c7051409374b90fb57e5edd1d0ee4e60e17d2e0ffb4606304f323869d3eacfdee7b0a389bc25d69c29c8ba150e400d33
Score

10^/10

qakbot tr 1634905513 banker stealer trojan evasion
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbottr1634905513bankerstealertrojan

behavioral2

qakbottr1634905513bankerevasionstealertrojan