qakbot | d06b659b40de71bc2fa70265880c18a0fbbfb60286eb23a4904ee468c9e20c74 | Triage

Resubmissions

25-10-2021 13:19

211025-qkyzdshahj 10

24-10-2021 04:23

211024-e1bcgseabn 10

Sharing

General

Target

d06b659b40de71bc2fa70265880c18a0fbbfb60286eb23a4904ee468c9e20c74
Size

543KB
Sample

211024-e1bcgseabn
MD5

dcaf224e8abf91c21006cea3d2538826
SHA1

eb9b9a46fcb56a72e9fbf91c1ba41bc2502ac9e5
SHA256

d06b659b40de71bc2fa70265880c18a0fbbfb60286eb23a4904ee468c9e20c74
SHA512

9ccdc2bba51f44e1ea88e30cbc6957d224d66973e44ec3918a37a8c4624c0bc1e9c50b6187c552f7684e65cb2abf4b679317ab5975633fe412aaf8a0bf942cce

Score

10^/10

qakbot star01 1634887535 banker evasion stealer trojan

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

star01

Campaign

1634887535

C2

89.101.97.139:443

37.208.181.198:443

96.246.158.154:995

207.246.112.221:443

89.137.52.44:443

123.252.190.14:443

27.223.92.142:995

120.150.218.241:995

63.143.92.99:995

136.232.34.70:443

88.226.225.168:443

39.49.78.75:995

117.198.157.160:443

27.5.5.31:2222

136.143.11.232:443

68.186.192.69:443

37.208.181.198:61200

216.201.162.158:443

24.119.214.7:443

196.207.140.40:995

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Targets

- Target
  
  d06b659b40de71bc2fa70265880c18a0fbbfb60286eb23a4904ee468c9e20c74
- Size
  
  543KB
- MD5
  
  dcaf224e8abf91c21006cea3d2538826
- SHA1
  
  eb9b9a46fcb56a72e9fbf91c1ba41bc2502ac9e5
- SHA256
  
  d06b659b40de71bc2fa70265880c18a0fbbfb60286eb23a4904ee468c9e20c74
- SHA512
  
  9ccdc2bba51f44e1ea88e30cbc6957d224d66973e44ec3918a37a8c4624c0bc1e9c50b6187c552f7684e65cb2abf4b679317ab5975633fe412aaf8a0bf942cce
Score

10^/10

qakbot star01 1634887535 banker stealer trojan evasion
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbotstar011634887535bankerstealertrojan

behavioral2

qakbotstar011634887535bankerevasionstealertrojan